CVE-2006-5974 - OpenCVE

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:N/AC:L/Au:N/C:N/I:N/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Fetchmail	Fetchmail

Configuration 1 [-]

OR	cpe:2.3:a:fetchmail:fetchmail:6.3.5:::::::*
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1::::::
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2::::::
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3::::::

References

Link	Resource
http://fedoranews.org/cms/node/2429
http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
http://osvdb.org/31836
http://secunia.com/advisories/23631	Vendor Advisory
http://secunia.com/advisories/23804	Vendor Advisory
http://secunia.com/advisories/23838	Vendor Advisory
http://secunia.com/advisories/23923	Vendor Advisory
http://secunia.com/advisories/24151	Vendor Advisory
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://securitytracker.com/id?1017479
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://www.securityfocus.com/archive/1/456114/100/0/threaded
http://www.securityfocus.com/bid/21902	Patch
http://www.trustix.org/errata/2007/0007
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/0088

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T00:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5974

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-31T05:00:00.000

Modified: 2018-10-17T21:46:11.187

Link: CVE-2006-5974

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017479", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017479"}, {"name": "SSA:2007-024-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"name": "23838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23838"}, {"name": "24151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24151"}, {"name": "20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"name": "23631", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23631"}, {"name": "23804", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23804"}, {"name": "ADV-2007-0088", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"name": "SUSE-SR:2007:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"name": "FEDORA-2007-041", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2429"}, {"name": "23923", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23923"}, {"name": "31836", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31836"}, {"name": "OpenPKG-SA-2007.004", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"name": "2007-0007", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "GLSA-200701-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"name": "ADV-2007-0087", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"name": "21902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21902"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017479", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017479"}, {"name": "SSA:2007-024-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"name": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt", "refsource": "CONFIRM", "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"name": "23838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23838"}, {"name": "24151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24151"}, {"name": "20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"name": "23631", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23631"}, {"name": "23804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23804"}, {"name": "ADV-2007-0088", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"name": "SUSE-SR:2007:004", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"name": "FEDORA-2007-041", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2429"}, {"name": "23923", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23923"}, {"name": "31836", "refsource": "OSVDB", "url": "http://osvdb.org/31836"}, {"name": "OpenPKG-SA-2007.004", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"name": "2007-0007", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "GLSA-200701-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"name": "ADV-2007-0087", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"name": "21902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21902"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5974", "datePublished": "2007-01-09T00:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5D09BB43-6CBA-499B-91D1-BA256A65E40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "B98AFEDF-2BAB-4588-94E0-35AEA5F1B514", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E8BAB5B-4DBC-4D05-B5E2-591573BC05FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "02F6E729-A2F2-42AC-A941-F57A0A4E84A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}, {"lang": "es", "value": "fetchmail 6.3.5 y 6.3.6-rc4, cuando rechazan un mensaje entregado mediante la opci\u00f3n mda, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores desconocidos que disparan una referencia a puntero nulo cuando se llama a las funciones (1) ferror o (2) fflush."}], "id": "CVE-2006-5974", "lastModified": "2018-10-17T21:46:11.187", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2429"}, {"source": "cve@mitre.org", "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/31836"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23631"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23804"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23838"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23923"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24151"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017479"}, {"source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21902"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0007"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0088"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.", "lastModified": "2007-01-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}