Postfix segfaults if the hostname cannot be found in DNS. Since the DNS response is not safely checked an exploit may be possible. Version-Release number of selected component (if applicable): 2.1.5-2.4.FC3 How reproducible: Always Steps to Reproduce: # hostname foo.bar # service postfix restart Actual Results: Shutting down postfix: /etc/init.d/postfix: line 58: 10620 Segmentation fault /usr/sbin/postfix stop 2>/dev/null 1>&2 [FAILED] Starting postfix: /etc/init.d/postfix: line 34: 10628 Segmentation fault /usr/sbin/postalias ${alias_database//,} 2>/dev/null [FAILED] Expected Results: Shutting down postfix: [ OK ] Starting postfix: [ OK ]
FYI: I saw something on the postfix developers list that suggests that this bug is caused by a (not so smart according to Wietse Venema ..) change to the stock postfix code by Red Hat. See these postings: http://article.gmane.org/gmane.mail.postfix.devel/316 http://article.gmane.org/gmane.mail.postfix.devel/317 http://article.gmane.org/gmane.mail.postfix.devel/318 http://article.gmane.org/gmane.mail.postfix.devel/319
Is there any reason to include the postfix-hostname-fqdn.patch in question? I've never found it necessary....
*** This bug has been marked as a duplicate of 139983 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.