Published: 20/11/2006 Updated: 17/10/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Off-by-one buffer overflow in Dovecot 1.0test53 up to and including 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
timo sirainen dovecot 1.0.alpha5
timo sirainen dovecot 1.0.beta1
timo sirainen dovecot 1.0.beta8
timo sirainen dovecot 1.0.beta9
timo sirainen dovecot 1.0.rc1
timo sirainen dovecot 1.0.rc3
timo sirainen dovecot 1.0.rc4
timo sirainen dovecot 1.0.test54
timo sirainen dovecot 1.0.test55
timo sirainen dovecot 1.0.test63
timo sirainen dovecot 1.0.test64
timo sirainen dovecot 1.0.test71
timo sirainen dovecot 1.0.test72
timo sirainen dovecot 1.0.test79
timo sirainen dovecot 1.0.test80
timo sirainen dovecot 1.0.alpha3
timo sirainen dovecot 1.0.alpha4
timo sirainen dovecot 1.0.beta6
timo sirainen dovecot 1.0.beta7
timo sirainen dovecot 1.0.rc14
timo sirainen dovecot 1.0.rc2
timo sirainen dovecot 1.0.rc9
timo sirainen dovecot 1.0.test53
timo sirainen dovecot 1.0.test60
timo sirainen dovecot 1.0.test61
timo sirainen dovecot 1.0.test62
timo sirainen dovecot 1.0.test69
timo sirainen dovecot 1.0.test70
timo sirainen dovecot 1.0.test77
timo sirainen dovecot 1.0.test78
timo sirainen dovecot 1.0
timo sirainen dovecot 1.0.beta2
timo sirainen dovecot 1.0.beta3
timo sirainen dovecot 1.0.rc10
timo sirainen dovecot 1.0.rc11
timo sirainen dovecot 1.0.rc5
timo sirainen dovecot 1.0.rc6
timo sirainen dovecot 1.0.test56
timo sirainen dovecot 1.0.test57
timo sirainen dovecot 1.0.test65
timo sirainen dovecot 1.0.test66
timo sirainen dovecot 1.0.test73
timo sirainen dovecot 1.0.test74
timo sirainen dovecot 1.0.alpha1
timo sirainen dovecot 1.0.alpha2
timo sirainen dovecot 1.0.beta4
timo sirainen dovecot 1.0.beta5
timo sirainen dovecot 1.0.rc12
timo sirainen dovecot 1.0.rc13
timo sirainen dovecot 1.0.rc7
timo sirainen dovecot 1.0.rc8
timo sirainen dovecot 1.0.test58
timo sirainen dovecot 1.0.test59
timo sirainen dovecot 1.0.test67
timo sirainen dovecot 1.0.test68
timo sirainen dovecot 1.0.test75
timo sirainen dovecot 1.0.test76

Dovecot was discovered to have an error when handling its index cache files This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code Only servers using the non-default option “mmap_disable=yes” were vulnerable ...

NVD-CWE-Other http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html http://secunia.com/advisories/23007 http://www.securityfocus.com/bid/21183/info http://www.ubuntu.com/usn/usn-387-1 http://dovecot.org/list/dovecot-news/2006-November/000023.html http://securitytracker.com/id?1017288 http://secunia.com/advisories/23150 https://issues.rpath.com/browse/RPL-802 http://www.novell.com/linux/security/advisories/2006_73_mono.html http://secunia.com/advisories/23172 http://secunia.com/advisories/23213 http://www.vupen.com/english/advisories/2006/4614 https://exchange.xforce.ibmcloud.com/vulnerabilities/30433 http://www.securityfocus.com/archive/1/452081/100/0/threaded https://usn.ubuntu.com/387-1/https://nvd.nist.gov

CVE-2006-5973

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect