Info

Disclosure

Sep 03, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Local Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS, Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 2.4.9, 2.5.5, 2.6-20080902 or higher, as it has been reported to fix this vulnerability. In addition, vendors have released a patch for some older versions.

Products

Unknown or Incomplete

References

Security Tracker: 1020800
CVE ID: 2008-3889 (see also: NVD) 2008-4042 (see also: NVD)
Bugtraq ID: 30977
Secunia Advisory ID: 31716 31800 31982 31986 32231
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2008-09/0010.html
http://archives.neohapsis.com/archives/bugtraq/2008-09/0182.html
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-September/000747.html
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200809-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:190
http://www.ubuntu.com/usn/usn-642-1
Vendor Specific News/Changelog Entry: http://www.postfix.org/announcements/20080902.html
Generic Exploit URL: http://www.securiteam.com/exploits/5QP0M15PFO.html
Vendor Specific Advisory URL: https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/48108