Local Denial of Service in Postfix by Linux Kernel Interaction
CVE-2008-3889

Currently unrated

Key Information:

Vendor: Postfix
Status: Postfix
Vendor: CVE Published:; 12 September 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-3889?

A local denial of service vulnerability was identified in Postfix when used with the Linux 2.6 kernel. This issue arises from the leakage of epoll file descriptors during the execution of commands that are not directly related to Postfix, thereby allowing local users to potentially slow down or crash the application through crafted commands specified in a .forward file.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-3889 - Proof of Concept

References

http://secunia.com/advisories/31986

third-party-advisoryx_refsource_SECUNIA

https://www.redhat.com/archives/fedora-package-announce/2...

vendor-advisoryx_refsource_FEDORA

http://secunia.com/advisories/32231

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 12, 2008
👾
Exploit known to exist
Sep 12, 2008
Vulnerability published
Sep 12, 2008
Vulnerability Reserved
Sep 2, 2008

CVE-2008-3889 Data

JSON