Vigil@nce: Postfix, denial of service under Linux
September 2008 by Vigil@nce
When Postfix is installed on a Linux kernel 2.6, a local attacker
can create a denial of service.
– Gravity: 1/4
– Consequences: denial of service of service
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 02/09/2008
– Identifier: VIGILANCE-VUL-8080
IMPACTED PRODUCTS
– Postfix [confidential versions]
DESCRIPTION
The Postfix messaging server handles events depending on the
system:
– kqueue under BSD
– epoll() under Linux 2.6
– /dev/poll under Solaris
– poll() or select() on other systems
In the epoll (Linux 2.6) implementation, the file descriptor is
not closed when an external command is run. This command can
therefore access to epoll.
A local attacker can thus create a malicious program using epoll,
and put it in its " /.forward" file in order to create a denial of
service.
CHARACTERISTICS
– Identifiers: BID-30977, VIGILANCE-VUL-8080
– Url: https://vigilance.aql.fr/tree/1/8080