CVE-2006-5973

Summary

CVE	CVE-2006-5973
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-11-20 19:07:00 UTC
Updated	2026-04-23 00:35:47 UTC
Description	Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.

Risk And Classification

Primary CVSS: v2.0 5 from [email protected]

AV:N/AC:L/Au:N/C:N/I:N/A:P

Problem Types: NVD-CWE-Other | n/a

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Timo Sirainen	Dovecot	1.0	All	All	All
Application	Timo Sirainen	Dovecot	1.0.alpha1	All	All	All
Application	Timo Sirainen	Dovecot	1.0.alpha2	All	All	All
Application	Timo Sirainen	Dovecot	1.0.alpha3	All	All	All
Application	Timo Sirainen	Dovecot	1.0.alpha4	All	All	All
Application	Timo Sirainen	Dovecot	1.0.alpha5	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta1	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta2	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta3	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta4	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta5	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta6	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta7	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta8	All	All	All
Application	Timo Sirainen	Dovecot	1.0.beta9	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc1	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc10	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc11	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc12	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc13	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc14	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc2	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc3	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc4	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc5	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc6	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc7	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc8	All	All	All
Application	Timo Sirainen	Dovecot	1.0.rc9	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test53	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test54	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test55	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test56	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test57	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test58	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test59	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test60	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test61	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test62	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test63	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test64	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test65	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test66	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test67	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test68	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test69	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test70	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test71	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test72	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test73	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test74	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test75	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test76	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test77	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test78	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test79	All	All	All
Application	Timo Sirainen	Dovecot	1.0.test80	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
[Dovecot-news] 1.0.rc15 released	af854a3a-2127-422b-91ae-364da2661108	dovecot.org	Patch
[Dovecot-news] Security hole #2: Off-by-one buffer overflow with mmap_disable=yes	af854a3a-2127-422b-91ae-364da2661108	dovecot.org
SecurityTracker.com Archives - Dovecot POP3/IMAP Cache File Buffer Overflow May Let Remote Users Execute Arbitrary Code	af854a3a-2127-422b-91ae-364da2661108	securitytracker.com
rPath update for dovecot - Secunia Advisories - Vulnerability Intelligence - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
issues.rpath.com/browse/RPL-802	af854a3a-2127-422b-91ae-364da2661108	issues.rpath.com
Security Announcement	af854a3a-2127-422b-91ae-364da2661108	www.novell.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	af854a3a-2127-422b-91ae-364da2661108	www.vupen.com
Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
USN-387-1: Dovecot vulnerability \| Ubuntu	af854a3a-2127-422b-91ae-364da2661108	www.ubuntu.com
IBM X-Force Exchange	af854a3a-2127-422b-91ae-364da2661108	exchange.xforce.ibmcloud.com
Ubuntu update for dovecot - Secunia.com	af854a3a-2127-422b-91ae-364da2661108	secunia.com
SUSE update for mono - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com
Dovecot Cache File Off-By-One Vulnerability - Advisories - Secunia	af854a3a-2127-422b-91ae-364da2661108	secunia.com	Vendor Advisory
SecurityFocus	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com
Dovecot IMAP Server Mapped Pages Off-By-One Buffer Overflow Vulnerability	MITRE	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.