How to Buy
This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200809-09
(Postfix: Denial of Service)
It has been discovered than Postfix leaks an epoll file descriptor when
executing external commands, e.g. user-controlled $HOME/.forward or
$HOME/.procmailrc files. NOTE: This vulnerability only concerns Postfix
instances running on Linux 2.6 kernels.
A local attacker could exploit this vulnerability to reduce the
performance of Postfix, and possibly trigger an assertion, resulting in
a Denial of Service.
Allow only trusted users to control delivery to non-Postfix commands.
See also :
All Postfix 2.4 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.9'
All Postfix 2.5 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.5.5'
Risk factor :
Low / CVSS Base Score : 2.1
Family: Gentoo Local Security Checks
Nessus Plugin ID: 34248 (gentoo_GLSA-200809-09.nasl)
CVE ID: CVE-2008-3889
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.