Vulnerability Description
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Timo Sirainen | Dovecot | 1.0 |
References
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.htmlPatch
- http://secunia.com/advisories/23007Vendor Advisory
- http://secunia.com/advisories/23150
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23213
- http://securitytracker.com/id?1017288
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
- http://www.securityfocus.com/bid/21183/info
- http://www.ubuntu.com/usn/usn-387-1
- http://www.vupen.com/english/advisories/2006/4614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- https://issues.rpath.com/browse/RPL-802
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
FAQ
What is CVE-2006-5973?
CVE-2006-5973 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 user...
How severe is CVE-2006-5973?
CVE-2006-5973 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5973?
Check the references section above for vendor advisories and patch information. Affected products include: Timo Sirainen Dovecot.