Vulnerability Details CVE-2006-5973
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
- http://secunia.com/advisories/23007
- http://secunia.com/advisories/23150
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23213
- http://securitytracker.com/id?1017288
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
- http://www.securityfocus.com/bid/21183/info
- http://www.ubuntu.com/usn/usn-387-1
- http://www.vupen.com/english/advisories/2006/4614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- https://issues.rpath.com/browse/RPL-802
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
- http://secunia.com/advisories/23007
- http://secunia.com/advisories/23150
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23213
- http://securitytracker.com/id?1017288
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
- http://www.securityfocus.com/bid/21183/info
- http://www.ubuntu.com/usn/usn-387-1
- http://www.vupen.com/english/advisories/2006/4614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- https://issues.rpath.com/browse/RPL-802
Products affected by CVE-2006-5973
-
cpe:2.3:a:timo_sirainen:dovecot:1.0
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.alpha1
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.alpha2
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.alpha3
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.alpha4
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.alpha5
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta1
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta2
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta3
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta4
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta5
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta6
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta7
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta8
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.beta9
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc1
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc10
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc11
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc12
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc13
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc14
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc2
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc3
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc4
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc5
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc6
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc7
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc8
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.rc9
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test53
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test54
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test55
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test56
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test57
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test58
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test59
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test60
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test61
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test62
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test63
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test64
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test65
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test66
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test67
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test68
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test69
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test70
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test71
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test72
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test73
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test74
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test75
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test76
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test77
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test78
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test79
-
cpe:2.3:a:timo_sirainen:dovecot:1.0.test80