CVE-2008-3889
EPSS 0.06%
Description
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
How to fix CVE-2008-3889
To remediate CVE-2008-3889, upgrade the affected package to a fixed version below.
- Debian/postfix—upgrade to 2.5.5-1 or later
Is CVE-2008-3889 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2.5.5-1