CVE-2006-5973: Buffer Overflow
First published: Mon Nov 20 2006(Updated: )
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dovecot | =1.0 | |
| Dovecot | =1.0.alpha1 | |
| Dovecot | =1.0.alpha2 | |
| Dovecot | =1.0.alpha3 | |
| Dovecot | =1.0.alpha4 | |
| Dovecot | =1.0.alpha5 | |
| Dovecot | =1.0.beta1 | |
| Dovecot | =1.0.beta2 | |
| Dovecot | =1.0.beta3 | |
| Dovecot | =1.0.beta4 | |
| Dovecot | =1.0.beta5 | |
| Dovecot | =1.0.beta6 | |
| Dovecot | =1.0.beta7 | |
| Dovecot | =1.0.beta8 | |
| Dovecot | =1.0.beta9 | |
| Dovecot | =1.0.rc1 | |
| Dovecot | =1.0.rc2 | |
| Dovecot | =1.0.rc3 | |
| Dovecot | =1.0.rc4 | |
| Dovecot | =1.0.rc5 | |
| Dovecot | =1.0.rc6 | |
| Dovecot | =1.0.rc7 | |
| Dovecot | =1.0.rc8 | |
| Dovecot | =1.0.rc9 | |
| Dovecot | =1.0.rc10 | |
| Dovecot | =1.0.rc11 | |
| Dovecot | =1.0.rc12 | |
| Dovecot | =1.0.rc13 | |
| Dovecot | =1.0.rc14 | |
| Dovecot | =1.0.test53 | |
| Dovecot | =1.0.test54 | |
| Dovecot | =1.0.test55 | |
| Dovecot | =1.0.test56 | |
| Dovecot | =1.0.test57 | |
| Dovecot | =1.0.test58 | |
| Dovecot | =1.0.test59 | |
| Dovecot | =1.0.test60 | |
| Dovecot | =1.0.test61 | |
| Dovecot | =1.0.test62 | |
| Dovecot | =1.0.test63 | |
| Dovecot | =1.0.test64 | |
| Dovecot | =1.0.test65 | |
| Dovecot | =1.0.test66 | |
| Dovecot | =1.0.test67 | |
| Dovecot | =1.0.test68 | |
| Dovecot | =1.0.test69 | |
| Dovecot | =1.0.test70 | |
| Dovecot | =1.0.test71 | |
| Dovecot | =1.0.test72 | |
| Dovecot | =1.0.test73 | |
| Dovecot | =1.0.test74 | |
| Dovecot | =1.0.test75 | |
| Dovecot | =1.0.test76 | |
| Dovecot | =1.0.test77 | |
| Dovecot | =1.0.test78 | |
| Dovecot | =1.0.test79 | |
| Dovecot | =1.0.test80 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
- http://secunia.com/advisories/23007
- http://www.securityfocus.com/bid/21183/info
- http://www.ubuntu.com/usn/usn-387-1
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://securitytracker.com/id?1017288
- http://secunia.com/advisories/23150
- https://issues.rpath.com/browse/RPL-802
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23213
- http://www.vupen.com/english/advisories/2006/4614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-5973?
CVE-2006-5973 is classified with a high severity due to its potential to cause denial of service.
How do I fix CVE-2006-5973?
To fix CVE-2006-5973, upgrade Dovecot to a version above 1.0.rc14 that addresses this vulnerability.
Is CVE-2006-5973 exploitable remotely?
Yes, CVE-2006-5973 can be exploited remotely by authenticated IMAP or POP3 users.
What versions of Dovecot are affected by CVE-2006-5973?
CVE-2006-5973 affects Dovecot versions 1.0test53 through 1.0.rc14.
What type of vulnerability is CVE-2006-5973?
CVE-2006-5973 is an off-by-one buffer overflow vulnerability.
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/timo sirainen
- product/dovecot
- canonical/timo sirainen dovecot
- canonical/dovecot
- version/dovecot/1.0
- version/dovecot/1.0.alpha1
- version/dovecot/1.0.alpha2
- version/dovecot/1.0.alpha3
- version/dovecot/1.0.alpha4
- version/dovecot/1.0.alpha5
- version/dovecot/1.0.beta1
- version/dovecot/1.0.beta2
- version/dovecot/1.0.beta3
- version/dovecot/1.0.beta4
- version/dovecot/1.0.beta5
- version/dovecot/1.0.beta6
- version/dovecot/1.0.beta7
- version/dovecot/1.0.beta8
- version/dovecot/1.0.beta9
- version/dovecot/1.0.rc1
- version/dovecot/1.0.rc2
- version/dovecot/1.0.rc3
- version/dovecot/1.0.rc4
- version/dovecot/1.0.rc5
- version/dovecot/1.0.rc6
- version/dovecot/1.0.rc7
- version/dovecot/1.0.rc8
- version/dovecot/1.0.rc9
- version/dovecot/1.0.rc10
- version/dovecot/1.0.rc11
- version/dovecot/1.0.rc12
- version/dovecot/1.0.rc13
- version/dovecot/1.0.rc14
- version/dovecot/1.0.test53
- version/dovecot/1.0.test54
- version/dovecot/1.0.test55
- version/dovecot/1.0.test56
- version/dovecot/1.0.test57
- version/dovecot/1.0.test58
- version/dovecot/1.0.test59
- version/dovecot/1.0.test60
- version/dovecot/1.0.test61
- version/dovecot/1.0.test62
- version/dovecot/1.0.test63
- version/dovecot/1.0.test64
- version/dovecot/1.0.test65
- version/dovecot/1.0.test66
- version/dovecot/1.0.test67
- version/dovecot/1.0.test68
- version/dovecot/1.0.test69
- version/dovecot/1.0.test70
- version/dovecot/1.0.test71
- version/dovecot/1.0.test72
- version/dovecot/1.0.test73
- version/dovecot/1.0.test74
- version/dovecot/1.0.test75
- version/dovecot/1.0.test76
- version/dovecot/1.0.test77
- version/dovecot/1.0.test78
- version/dovecot/1.0.test79
- version/dovecot/1.0.test80