USN-642-1Executive Summary
| Summary | |
|---|---|
| Title | Postfix vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-642-1 | First vendor Publication | 2008-09-10 |
| Vendor | Ubuntu | Last vendor Modification | 2008-09-10 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 2.1 | Attack Range | Local |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentification | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: postfix 2.4.5-3ubuntu1.3 Ubuntu 8.04 LTS: postfix 2.5.1-2ubuntu1.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Wietse Venema discovered that Postfix leaked internal file descriptors when executing non-Postfix commands. A local attacker could exploit this to cause Postfix to run out of descriptors, leading to a denial of service. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-642-1 |
CWE : Common Weakness Enumeration
| id | Name |
|---|---|
| CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2008-09-16 | Postfix < 2.4.9, 2.5.5, 2.6-20080902 (.forward) Local DoS Exploit |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 48108 | Postfix epoll File Descriptor Leak Local DoS |
(Low)
