Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:190 (postfix)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61534

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:190 (postfix)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to postfix
announced via advisory MDVSA-2008:190.

A vulnerability in Postfix 2.4 and later was discovered, when
running on Linux kernel 2.6, where a local user could cause a denial
of service due to Postfix leaking the epoll file descriptor when
executing non-Postfix commands (CVE-2008-3889).

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:190
http://www.postfix.org/announcements/20080902.html

Risk factor : Medium

CVSS Score:
2.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3889
BugTraq ID: 30977
http://www.securityfocus.com/bid/30977
Bugtraq: 20080902 Postfix Linux-only local denial of service (Google Search)
http://www.securityfocus.com/archive/1/495894/100/0/threaded
Bugtraq: 20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC (Google Search)
http://www.securityfocus.com/archive/1/496420/100/0/threaded
Bugtraq: 20081104 rPSA-2008-0311-1 postfix (Google Search)
http://www.securityfocus.com/archive/1/498037/100/0/threaded
https://www.exploit-db.com/exploits/6472
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
http://security.gentoo.org/glsa/glsa-200809-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:190
http://www.wekk.net/research/CVE-2008-3889/
http://securitytracker.com/id?1020800
http://secunia.com/advisories/31716
http://secunia.com/advisories/31800
http://secunia.com/advisories/31982
http://secunia.com/advisories/31986
http://secunia.com/advisories/32231
http://securityreason.com/securityalert/4239
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.ubuntu.com/usn/usn-642-1
XForce ISS Database: postfix-filedescriptor-dos(44865)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44865

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61534
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:190 (postfix)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to postfix announced via advisory MDVSA-2008:190. A vulnerability in Postfix 2.4 and later was discovered, when running on Linux kernel 2.6, where a local user could cause a denial of service due to Postfix leaking the epoll file descriptor when executing non-Postfix commands (CVE-2008-3889). The updated packages have been patched to correct this issue. Affected: 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:190 http://www.postfix.org/announcements/20080902.html Risk factor : Medium CVSS Score: 2.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3889 BugTraq ID: 30977 http://www.securityfocus.com/bid/30977 Bugtraq: 20080902 Postfix Linux-only local denial of service (Google Search) http://www.securityfocus.com/archive/1/495894/100/0/threaded Bugtraq: 20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC (Google Search) http://www.securityfocus.com/archive/1/496420/100/0/threaded Bugtraq: 20081104 rPSA-2008-0311-1 postfix (Google Search) http://www.securityfocus.com/archive/1/498037/100/0/threaded https://www.exploit-db.com/exploits/6472 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html http://security.gentoo.org/glsa/glsa-200809-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:190 http://www.wekk.net/research/CVE-2008-3889/ http://securitytracker.com/id?1020800 http://secunia.com/advisories/31716 http://secunia.com/advisories/31800 http://secunia.com/advisories/31982 http://secunia.com/advisories/31986 http://secunia.com/advisories/32231 http://securityreason.com/securityalert/4239 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-642-1 XForce ISS Database: postfix-filedescriptor-dos(44865) https://exchange.xforce.ibmcloud.com/vulnerabilities/44865
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com