Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200809-09 (postfix)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61646

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200809-09 (postfix)

Resumen: The remote host is missing updates announced in;advisory GLSA 200809-09.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200809-09.

Vulnerability Insight:
A memory leak in Postfix might allow local users to cause a Denial of
Service.

Solution:
All Postfix 2.4 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.9'

All Postfix 2.5 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.5.5'

CVSS Score:
2.1

CVSS Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3889
BugTraq ID: 30977
http://www.securityfocus.com/bid/30977
Bugtraq: 20080902 Postfix Linux-only local denial of service (Google Search)
http://www.securityfocus.com/archive/1/495894/100/0/threaded
Bugtraq: 20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC (Google Search)
http://www.securityfocus.com/archive/1/496420/100/0/threaded
Bugtraq: 20081104 rPSA-2008-0311-1 postfix (Google Search)
http://www.securityfocus.com/archive/1/498037/100/0/threaded
https://www.exploit-db.com/exploits/6472
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html
http://security.gentoo.org/glsa/glsa-200809-09.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:190
http://www.wekk.net/research/CVE-2008-3889/
http://securitytracker.com/id?1020800
http://secunia.com/advisories/31716
http://secunia.com/advisories/31800
http://secunia.com/advisories/31982
http://secunia.com/advisories/31986
http://secunia.com/advisories/32231
http://securityreason.com/securityalert/4239
SuSE Security Announcement: SUSE-SR:2008:018 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
http://www.ubuntu.com/usn/usn-642-1
XForce ISS Database: postfix-filedescriptor-dos(44865)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44865

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61646
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200809-09 (postfix)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200809-09.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200809-09. Vulnerability Insight: A memory leak in Postfix might allow local users to cause a Denial of Service. Solution: All Postfix 2.4 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.4.9' All Postfix 2.5 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=mail-mta/postfix-2.5.5' CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3889 BugTraq ID: 30977 http://www.securityfocus.com/bid/30977 Bugtraq: 20080902 Postfix Linux-only local denial of service (Google Search) http://www.securityfocus.com/archive/1/495894/100/0/threaded Bugtraq: 20080916 [Suspected Spam][CVE-2008-4042] Postfix Linux-only local denial of service - PoC (Google Search) http://www.securityfocus.com/archive/1/496420/100/0/threaded Bugtraq: 20081104 rPSA-2008-0311-1 postfix (Google Search) http://www.securityfocus.com/archive/1/498037/100/0/threaded https://www.exploit-db.com/exploits/6472 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00287.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00271.html http://security.gentoo.org/glsa/glsa-200809-09.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:190 http://www.wekk.net/research/CVE-2008-3889/ http://securitytracker.com/id?1020800 http://secunia.com/advisories/31716 http://secunia.com/advisories/31800 http://secunia.com/advisories/31982 http://secunia.com/advisories/31986 http://secunia.com/advisories/32231 http://securityreason.com/securityalert/4239 SuSE Security Announcement: SUSE-SR:2008:018 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/usn-642-1 XForce ISS Database: postfix-filedescriptor-dos(44865) https://exchange.xforce.ibmcloud.com/vulnerabilities/44865
Copyright	Copyright (C) 2008 E-Soft Inc.