|
|
>> Mandriva Security Update Fixes Postfix Denial of Service Vulnerability
|
Title : Mandriva Security Update Fixes Postfix Denial of Service Vulnerability
VUPEN ID : VUPEN/ADV-2008-2567
CVE ID : CVE-2008-3889
Rated as : Low Risk 
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2008-09-16
|
A vulnerability has been identified in Mandriva, which could be exploited by local attackers to cause a denial of service. This issue is caused due to Postfix leaking the epoll file descriptor when executing non-Postfix commands, which could allow malicious users to create a denial of service condition.
Affected Products
Mandriva Linux 2008.0
Mandriva Linux 2008.1
Solution
Upgrade the affected packages :
Mandriva Linux 2008.0:
c0bf5d528d5d41dcd2d20ebdb34d0cda 2008.0/i586/libpostfix1-2.4.5-2.2mdv2008.0.i586.rpm
fa944c0d7f0cbea926f535d510bf55d1 2008.0/i586/postfix-2.4.5-2.2mdv2008.0.i586.rpm
198798461aa8d36de69167dabf12e753 2008.0/i586/postfix-ldap-2.4.5-2.2mdv2008.0.i586.rpm
58655741a221fa54a33566568f3b4b82 2008.0/i586/postfix-mysql-2.4.5-2.2mdv2008.0.i586.rpm
a38a78d39fe49cfa5dd71ee4f5a8a2bd 2008.0/i586/postfix-pcre-2.4.5-2.2mdv2008.0.i586.rpm
6d26bd16aaab2333dc84a86b0595b31d 2008.0/i586/postfix-pgsql-2.4.5-2.2mdv2008.0.i586.rpm
da3f4b0d105461a2c0cc9d0ffdb8afbc 2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
028de47e6f9dd2a18be1afbfbfcc7b35 2008.0/x86_64/lib64postfix1-2.4.5-2.2mdv2008.0.x86_64.rpm
4e790bb1f1cb14e0eb008e8188c7d7f3 2008.0/x86_64/postfix-2.4.5-2.2mdv2008.0.x86_64.rpm
a843dc0ab9e22c27f1a83d3dd01139fd 2008.0/x86_64/postfix-ldap-2.4.5-2.2mdv2008.0.x86_64.rpm
9e50dfda594b6e6c270d001f5c020086 2008.0/x86_64/postfix-mysql-2.4.5-2.2mdv2008.0.x86_64.rpm
b27f29aa607246fa343244e783080dce 2008.0/x86_64/postfix-pcre-2.4.5-2.2mdv2008.0.x86_64.rpm
90992c9e66cbfa61adcc8f25af56bad0 2008.0/x86_64/postfix-pgsql-2.4.5-2.2mdv2008.0.x86_64.rpm
da3f4b0d105461a2c0cc9d0ffdb8afbc 2008.0/SRPMS/postfix-2.4.5-2.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
f7e093f905a77ffff051dd1f1719e70c 2008.1/i586/libpostfix1-2.5.1-2.2mdv2008.1.i586.rpm
17806bd3791473f79636f6e96aac3b16 2008.1/i586/postfix-2.5.1-2.2mdv2008.1.i586.rpm
ccbd6e6f134329f298da2e73ee924624 2008.1/i586/postfix-ldap-2.5.1-2.2mdv2008.1.i586.rpm
5e7501b1c226168794559a0c945c51ce 2008.1/i586/postfix-mysql-2.5.1-2.2mdv2008.1.i586.rpm
44482a44ec46d379cc90ec71b8d3da40 2008.1/i586/postfix-pcre-2.5.1-2.2mdv2008.1.i586.rpm
ed1ddf0451d015b1c85d09d438406c04 2008.1/i586/postfix-pgsql-2.5.1-2.2mdv2008.1.i586.rpm
d450d39e8073c6c9f1c9003f6189cf1a 2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
f9a52469d5700428f6a2c606d2846299 2008.1/x86_64/lib64postfix1-2.5.1-2.2mdv2008.1.x86_64.rpm
5cb84c0ebe53a446efd208da355a9b4b 2008.1/x86_64/postfix-2.5.1-2.2mdv2008.1.x86_64.rpm
cdc066f4ebcd87b1902d330129ff5a87 2008.1/x86_64/postfix-ldap-2.5.1-2.2mdv2008.1.x86_64.rpm
4067143e300d124b20d7a24972c4ae22 2008.1/x86_64/postfix-mysql-2.5.1-2.2mdv2008.1.x86_64.rpm
65a6a8c5206d7a9c45b12557896cba58 2008.1/x86_64/postfix-pcre-2.5.1-2.2mdv2008.1.x86_64.rpm
b8d9b415787c02698fa29772942a2300 2008.1/x86_64/postfix-pgsql-2.5.1-2.2mdv2008.1.x86_64.rpm
d450d39e8073c6c9f1c9003f6189cf1a 2008.1/SRPMS/postfix-2.5.1-2.2mdv2008.1.src.rpm
References
http://www.vupen.com/english/advisories/2008/2567
http://archives.mandrivalinux.com/security-announce/2008-09/msg00007.php
ChangeLog
2008-09-16 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
