CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2006-5973

Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
Publish Date: 2006-11-20
Last Update Date: 2008-09-05

- CVSS Scores & Vulnerability Types

CVSS Score: 5.0
Confidentiality Impact: None (There is no impact to the confidentiality of the system.)
Integrity Impact: None (There is no impact to the integrity of the system.)
Availability Impact: Partial (There is reduced performance or interruptions in resource availability.)
Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication: Not required (Authentication is not required to exploit the vulnerability.)
Gained Access: None
Vulnerability Type(s): Denial Of Service, Overflow
CWE ID: not defined for this vulnerability

- Products Affected By CVE-2006-5973

# Product Type Vendor Product Version Update Edition Language
1 Application Timo Sirainen Dovecot 1.0
2 Application Timo Sirainen Dovecot 1.0.test57
3 Application Timo Sirainen Dovecot 1.0.test73
4 Application Timo Sirainen Dovecot 1.0.beta6
5 Application Timo Sirainen Dovecot 1.0.rc8
6 Application Timo Sirainen Dovecot 1.0.test62
7 Application Timo Sirainen Dovecot 1.0.test78
8 Application Timo Sirainen Dovecot 1.0.rc10
9 Application Timo Sirainen Dovecot 1.0.alpha5
10 Application Timo Sirainen Dovecot 1.0.rc2
11 Application Timo Sirainen Dovecot 1.0.test67
12 Application Timo Sirainen Dovecot 1.0.test56
13 Application Timo Sirainen Dovecot 1.0.test72
14 Application Timo Sirainen Dovecot 1.0.beta5
15 Application Timo Sirainen Dovecot 1.0.rc7
16 Application Timo Sirainen Dovecot 1.0.test61
17 Application Timo Sirainen Dovecot 1.0.test77
18 Application Timo Sirainen Dovecot 1.0.rc1
19 Application Timo Sirainen Dovecot 1.0.alpha4
20 Application Timo Sirainen Dovecot 1.0.rc14
21 Application Timo Sirainen Dovecot 1.0.test66
22 Application Timo Sirainen Dovecot 1.0.test71
23 Application Timo Sirainen Dovecot 1.0.beta4
24 Application Timo Sirainen Dovecot 1.0.rc6
25 Application Timo Sirainen Dovecot 1.0.test80
26 Application Timo Sirainen Dovecot 1.0.test55
27 Application Timo Sirainen Dovecot 1.0.test60
28 Application Timo Sirainen Dovecot 1.0.test76
29 Application Timo Sirainen Dovecot 1.0.beta9
30 Application Timo Sirainen Dovecot 1.0.rc13
31 Application Timo Sirainen Dovecot 1.0.test65
32 Application Timo Sirainen Dovecot 1.0.alpha3
33 Application Timo Sirainen Dovecot 1.0.test70
34 Application Timo Sirainen Dovecot 1.0.beta3
35 Application Timo Sirainen Dovecot 1.0.rc5
36 Application Timo Sirainen Dovecot 1.0.test54
37 Application Timo Sirainen Dovecot 1.0.test59
38 Application Timo Sirainen Dovecot 1.0.test75
39 Application Timo Sirainen Dovecot 1.0.beta8
40 Application Timo Sirainen Dovecot 1.0.test64
41 Application Timo Sirainen Dovecot 1.0.alpha2
42 Application Timo Sirainen Dovecot 1.0.rc12
43 Application Timo Sirainen Dovecot 1.0.beta2
44 Application Timo Sirainen Dovecot 1.0.rc4
45 Application Timo Sirainen Dovecot 1.0.test53
46 Application Timo Sirainen Dovecot 1.0.test69
47 Application Timo Sirainen Dovecot 1.0.test58
48 Application Timo Sirainen Dovecot 1.0.test74
49 Application Timo Sirainen Dovecot 1.0.beta7
50 Application Timo Sirainen Dovecot 1.0.test63
51 Application Timo Sirainen Dovecot 1.0.test79
52 Application Timo Sirainen Dovecot 1.0.alpha1
53 Application Timo Sirainen Dovecot 1.0.rc11
54 Application Timo Sirainen Dovecot 1.0.beta1
55 Application Timo Sirainen Dovecot 1.0.rc3
56 Application Timo Sirainen Dovecot 1.0.rc9
57 Application Timo Sirainen Dovecot 1.0.test68

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Timo Sirainen Dovecot 57

- References For CVE-2006-5973

http://secunia.com/advisories/23172
SECUNIA 23172
http://secunia.com/advisories/23150
SECUNIA 23150
http://secunia.com/advisories/23213
SECUNIA 23213
http://www.novell.com/linux/security/advisories/2006_73_mono.html
SUSE SUSE-SA:2006:073
http://securitytracker.com/id?1017288
SECTRACK 1017288
http://www.ubuntu.com/usn/usn-387-1
UBUNTU USN-387-1
https://issues.rpath.com/browse/RPL-802
CONFIRM
http://secunia.com/advisories/23007
SECUNIA 23007
http://www.frsirt.com/english/advisories/2006/4614
VUPEN ADV-2006-4614
http://www.securityfocus.com/archive/1/archive/1/452081/100/0/threaded
BUGTRAQ 20061119 Dovecot IMAP/POP3 server: Off-by-one buffer overflow
http://www.securityfocus.com/bid/21183/info
BID 21183
http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
MLIST [Dovecot-news] 20091119 1.0.rc15 released
http://xforce.iss.net/xforce/xfdb/30433
XF dovecot-indexcache-bo(30433)
http://dovecot.org/list/dovecot-news/2006-November/000023.html
MLIST [Dovecot-news] 20061119 Security hole #2: Off-by-one buffer overflow with mmap_disable=yes

- Metasploit Modules Related To CVE-2006-5973

There are no Metasploit modules related to this CVE entry. (Please visit www.metasploit.com for more information.)

