Vulnerability Details : CVE-2006-5974
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.
Vulnerability category: Memory Corruption, Input validation, Denial of service
Products affected by CVE-2006-5974
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-5974
- 11.03%: Probability of exploitation activity in the next 30 days
- ~95%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5974
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2006-5974
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-5974
- Red Hat, 2007-01-11: Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
References for CVE-2006-5974
- http://securitytracker.com/id?1017479
- http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
- http://www.securityfocus.com/bid/21902 (Patch)
- http://www.vupen.com/english/advisories/2007/0088
- http://security.gentoo.org/glsa/glsa-200701-13.xml (Fetchmail: Denial of Service and password disclosure (GLSA 200701-13) — Gentoo security)
- http://www.novell.com/linux/security/advisories/2007_4_sr.html
- http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995 (The Slackware Linux Project: Slackware Security Advisories)
- http://fedoranews.org/cms/node/2429
- http://www.securityfocus.com/archive/1/456114/100/0/threaded
- http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
- http://www.trustix.org/errata/2007/0007
- http://www.vupen.com/english/advisories/2007/0087