Home / vulnerabilities PLSA-2008-40.txt
Posted on 06 September 2008
Source : packetstormsecurity.org Link
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-40 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-06
Severity: 1
Type: Local
------------------------------------------------------------------------
Summary
=======
A security issue has been reported in Postfix, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Description
===========
The security issue is caused due to Postfix leaking the epoll file
descriptor when executing non-Postfix commands, which can be exploited
to cause a DoS.
The security issue only affects Postfix 2.4 or later in combination with
epoll (e.g. Linux 2.6).
Affected packages:
Pardus 2008:
postfix, all before 2.5.4-21-5
Resolution
==========
There are update(s) for postfix. You can update them via Package Manager
or with a single command from console:
pisi up postfix
References
==========
* http://bugs.pardus.org.tr/show_bug.cgi?id=8114
* http://www.postfix.org/announcements/20080902.html
* http://secunia.com/advisories/31716/
------------------------------------------------------------------------
--
Pınar Yanardağ
Pardus Security Team
http://security.pardus.org.tr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
