PublicDate: 2008-09-12 16:56:00 UTC
Candidate: CVE-2008-3889
References: 
 https://ubuntu.com/security/notices/USN-642-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3889
Description:
 Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902,
 when used with the Linux 2.6 kernel, leaks epoll file descriptors during
 execution of "non-Postfix" commands, which allows local users to cause a
 denial of service (application slowdown or exit) via a crafted command, as
 demonstrated by a command in a .forward file.
Ubuntu-Description: 
 Wietse Venema discovered that Postfix leaked internal file descriptors
 when executing non-Postfix commands.  A local attacker could exploit
 this to cause Postfix to run out of descriptors, leading to a denial
 of service.
Notes: 
Bugs: 
Priority: low
Discovered-by: Wietse Venema
Assigned-to: lamont
CVSS: 

Patches_postfix:
upstream_postfix: released (2.5.5)
dapper_postfix: not-affected
feisty_postfix: not-affected
gutsy_postfix: released (2.4.5-3ubuntu1.3)
hardy_postfix: released (2.5.1-2ubuntu1.2)
devel_postfix: released (2.5.5-1)