Total vulnerabilities in the database
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application slowdown or exit) via a crafted command, as demonstrated by a command in a .forward file.
| Software | From | Fixed in |
|---|---|---|
| postfix / postfix | 2.4 | 2.4.x |
| postfix / postfix | 2.4.0 | 2.4.0.x |
| postfix / postfix | 2.4.1 | 2.4.1.x |
| postfix / postfix | 2.4.2 | 2.4.2.x |
| postfix / postfix | 2.4.3 | 2.4.3.x |
| postfix / postfix | 2.4.4 | 2.4.4.x |
| postfix / postfix | 2.4.5 | 2.4.5.x |
| postfix / postfix | 2.4.6 | 2.4.6.x |
| postfix / postfix | 2.4.7 | 2.4.7.x |
| postfix / postfix | 2.4.8 | 2.4.8.x |
| postfix / postfix | 2.5.1 | 2.5.1.x |
| postfix / postfix | 2.5.2 | 2.5.2.x |
| postfix / postfix | 2.5.3 | 2.5.3.x |
| postfix / postfix | 2.6 | 2.6.x |