Postfix epoll File Descriptor Leak Local DoS

Nessus Plugin ID 34347 (Severity: Low)

Synopsis

The remote mail server is vulnerable to a local denial of service attack.

Description

According to its banner, the version of Postfix running on the remote host leaks 'epoll' file descriptors when it executes non-Postfix commands, for example from a user's .forward file. A local attacker can use the leaked epoll descriptor to launch a denial of service attack against Postfix.

Note that this issue only affects hosts running Linux with a 2.6 kernel.
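The leak described above is a descriptor surviving into an executed command. The following added example (not part of the plugin or of Postfix; all function and variable names are hypothetical) opens an epoll descriptor in a parent process, runs a child command, and has the child report any epoll descriptors it inherited, first with close-on-exec cleared and then with it set. It assumes Linux with /proc mounted.

```python
import os
import select
import subprocess
import sys

# Child-side check: print the numbers of any epoll descriptors this process
# inherited. On Linux the /proc/self/fd symlink of an epoll descriptor
# contains "eventpoll" (for example "anon_inode:[eventpoll]").
CHILD_CHECK = r"""
import os
found = []
for name in os.listdir('/proc/self/fd'):
    try:
        target = os.readlink('/proc/self/fd/' + name)
    except OSError:
        continue  # descriptor was closed while we were listing
    if 'eventpoll' in target:
        found.append(int(name))
print(' '.join(map(str, sorted(found))))
"""


def epoll_fds_seen_by_child(inheritable):
    """Open an epoll descriptor, run a child command, and return
    (parent_fd, epoll descriptors the child found in its own table)."""
    ep = select.epoll()
    try:
        # inheritable=True clears FD_CLOEXEC (the leaking case);
        # inheritable=False sets it (the descriptor is closed on exec).
        os.set_inheritable(ep.fileno(), inheritable)
        out = subprocess.run(
            [sys.executable, "-c", CHILD_CHECK],
            close_fds=False,  # rely only on the per-descriptor flag
            capture_output=True, text=True, check=True,
        ).stdout
        return ep.fileno(), [int(n) for n in out.split()]
    finally:
        ep.close()


if __name__ == "__main__":
    fd, seen = epoll_fds_seen_by_child(inheritable=True)
    print("close-on-exec cleared: parent fd", fd, "-> child sees", seen)
    fd, seen = epoll_fds_seen_by_child(inheritable=False)
    print("close-on-exec set:     parent fd", fd, "-> child sees", seen)
```

The child-side check is also usable on its own as a diagnostic: run from any command a daemon executes, it lists epoll descriptors that command should not have received.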

Solution

Upgrade to Postfix 2.4.9 / 2.5.5 / 2.6-20080902 or later.

See Also

https://www.securityfocus.com/archive/1/495894/100/0/threaded

Plugin Details

Severity: Low

ID: 34347

File Name: postfix_epoll_local_DoS.nasl

Version: 1.13

Type: remote

Published: 2008/10/06

Updated: 2018/11/15

Dependencies: 10263, 11936, 11421

Configuration: Enable paranoid mode

Risk Information

Risk Factor: Low

CVSS v2.0

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:postfix:postfix

Required KB Items: Host/OS, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-3889

BID: 30977

CWE: 20