USN-642-1: Postfix vulnerabilities

Posted 09-10-2008

Referenced CVEs:
CVE-2008-3889


Description:
===========================================================
Ubuntu Security Notice USN-642-1         September 10, 2008
postfix vulnerabilities
CVE-2008-3889
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  postfix                         2.4.5-3ubuntu1.3

Ubuntu 8.04 LTS:
  postfix                         2.5.1-2ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Wietse Venema discovered that Postfix leaked internal file descriptors
when executing non-Postfix commands. A local attacker could exploit this
to cause Postfix to run out of descriptors, leading to a denial of service.
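Descriptors leak into an executed command when they are open and lack the close-on-exec flag at the time of exec. The following C program is an added example, not code from Postfix or from the advisory: it counts the descriptors a child command would inherit and marks them close-on-exec. The function names and the descriptor range 3..255 are assumptions chosen for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Count descriptors in [lo, hi) that are open and lack FD_CLOEXEC,
 * i.e. the ones an exec'd command would inherit. */
int count_inheritable(int lo, int hi)
{
    int n = 0;
    for (int fd = lo; fd < hi; fd++) {
        int flags = fcntl(fd, F_GETFD);   /* -1 means fd is not open */
        if (flags != -1 && !(flags & FD_CLOEXEC))
            n++;
    }
    return n;
}

/* Mark a single descriptor close-on-exec. Returns 0 on success, -1 on error. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Mark every open descriptor in [lo, hi) close-on-exec before running an
 * external command. Returns how many descriptors were changed. */
int seal_descriptors(int lo, int hi)
{
    int changed = 0;
    for (int fd = lo; fd < hi; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || (flags & FD_CLOEXEC))
            continue;                      /* closed or already sealed */
        if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            changed++;
    }
    return changed;
}

int main(void)
{
    int p[2];                              /* constructed "internal" descriptors */
    if (pipe(p) != 0)
        return 1;
    printf("inheritable before: %d\n", count_inheritable(3, 256));
    printf("sealed: %d\n", seal_descriptors(3, 256));
    printf("inheritable after: %d\n", count_inheritable(3, 256));
    return 0;
}
```

Descriptors 0 to 2 are left out of the range because an executed command normally expects to inherit standard input, output and error.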

POSTDROP(1)                General Commands Manual                POSTDROP(1)

NAME
       postdrop - Postfix mail posting utility

SYNOPSIS
       postdrop [-rv] [-c config_dir]

DESCRIPTION
       The postdrop command creates a file in the maildrop directory and
       copies its standard input to the file.

       Options:

       -c     The main.cf configuration file is in the named directory
              instead of the default configuration directory. See also the
              MAIL_CONFIG environment setting below.

       -r     Use a Postfix-internal protocol for reading the message from
              standard input, and for reporting status information on
              standard output. This is currently the only supported method.

       -v     Enable verbose logging for debugging purposes. Multiple -v
              options make the software increasingly verbose.

SECURITY
       The command is designed to run with set-group ID privileges, so that
       it can write to the maildrop queue directory and so that it can
       connect to Postfix daemon processes.

DIAGNOSTICS
       Fatal errors: malformed input, I/O error, out of memory. Problems
       are logged to syslogd(8) and to the standard error stream. When the
       input is incomplete, or when the process receives a HUP, INT, QUIT
       or TERM signal, the queue file is deleted.

ENVIRONMENT
       MAIL_CONFIG
              Directory with the main.cf file. In order to avoid
              exploitation of set-group ID privileges, it is not possible
              to specify arbitrary directory names.

              A non-standard directory is allowed only if the name is
              listed in the standard main.cf file, in the
              alternate_config_directories configuration parameter value.

              Only the super-user is allowed to specify arbitrary directory
              names.

FILES
       /var/spool/postfix, mail queue
       /etc/postfix, configuration files

CONFIGURATION PARAMETERS
       See the Postfix main.cf file for syntax details and for default
       values. Use the postfix reload command after a configuration change.

       import_environment
              List of names of environment parameters that can be imported
              from non-Postfix processes.

       queue_directory
              Top-level directory of the Postfix queue. This is also the
              root directory of Postfix daemons that run chrooted.

SEE ALSO
       sendmail(1) compatibility interface
       syslogd(8) system logging

LICENSE
       The Secure Mailer license must be distributed with this software.

AUTHOR(S)
       Wietse Venema
       IBM T.J. Watson Research
       P.O. Box 704
       Yorktown Heights, NY 10598, USA

                                                                  POSTDROP(1)