Vulnerabilities > CVE-2006-5973 - Unspecified vulnerability in Timo Sirainen Dovecot
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN timo-sirainen
nessus
Summary
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
Vulnerable Configurations
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-387-1.NASL description Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option last seen 2020-06-01 modified 2020-06-02 plugin id 27970 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/27970 title Ubuntu 6.06 LTS / 6.10 : dovecot vulnerability (USN-387-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-387-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(27970); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2006-5973"); script_xref(name:"USN", value:"387-1"); script_name(english:"Ubuntu 6.06 LTS / 6.10 : dovecot vulnerability (USN-387-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Dovecot was discovered to have an error when handling its index cache files. This error could be exploited by authenticated POP and IMAP users to cause a crash of the Dovecot server, or possibly to execute arbitrary code. Only servers using the non-default option 'mmap_disable=yes' were vulnerable. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/387-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected dovecot-common, dovecot-imapd and / or dovecot-pop3d packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-imapd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:dovecot-pop3d"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2006/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"dovecot-common", pkgver:"1.0.beta3-3ubuntu5.4")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dovecot-imapd", pkgver:"1.0.rc2-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"dovecot-pop3d", pkgver:"1.0.rc2-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dovecot-common", pkgver:"1.0.rc2-1ubuntu2.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dovecot-imapd", pkgver:"1.0.beta3-3ubuntu5.4")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"dovecot-pop3d", pkgver:"1.0.beta3-3ubuntu5.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot-common / dovecot-imapd / dovecot-pop3d"); }NASL family Fedora Local Security Checks NASL id FEDORA_2006-1504.NASL description - Thu Dec 21 2006 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.3.fc5 - fixed default paths in the example mkcert.sh to match configuration defaults (fixes #183151) - fixed off by one (#216508, CVE-2006-5973) - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2.fc5 - bring FC-5 branch up to date with the rawhide one (bugfixes only) - should fix non-working pop3 in default installation - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2 - put back pop3_uidl_format default that got lost in the beta2->beta7 upgrade (would cause pop3 to not work at all in many situations) - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.1 - upgrade to latest upstream beta release (beta8) - contains a security fix in mbox handling - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta7.1 - upgrade to latest upstream beta release - fixed BR 173048 - Fri Mar 17 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta2.8 - fix sqlite detection in upstream configure checks, second part of #182240 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 24082 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24082 title Fedora Core 5 : dovecot-1.0-0.beta8.3.fc5 (2006-1504) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2006-1504. # include("compat.inc"); if (description) { script_id(24082); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2006-1504"); script_name(english:"Fedora Core 5 : dovecot-1.0-0.beta8.3.fc5 (2006-1504)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Thu Dec 21 2006 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.3.fc5 - fixed default paths in the example mkcert.sh to match configuration defaults (fixes #183151) - fixed off by one (#216508, CVE-2006-5973) - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2.fc5 - bring FC-5 branch up to date with the rawhide one (bugfixes only) - should fix non-working pop3 in default installation - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2 - put back pop3_uidl_format default that got lost in the beta2->beta7 upgrade (would cause pop3 to not work at all in many situations) - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.1 - upgrade to latest upstream beta release (beta8) - contains a security fix in mbox handling - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta7.1 - upgrade to latest upstream beta release - fixed BR 173048 - Fri Mar 17 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta2.8 - fix sqlite detection in upstream configure checks, second part of #182240 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/package-announce/2006-December/001172.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?2ecd3071" ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot and / or dovecot-debuginfo packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dovecot"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:dovecot-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:5"); script_set_attribute(attribute:"patch_publication_date", value:"2006/12/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/01/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 5.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC5", reference:"dovecot-1.0-0.beta8.3.fc5")) flag++; if (rpm_check(release:"FC5", reference:"dovecot-debuginfo-1.0-0.beta8.3.fc5")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot / dovecot-debuginfo"); }NASL family SuSE Local Security Checks NASL id SUSE_DOVECOT-2306.NASL description Off-by-one buffer overflow in Dovecot 1.0 versions, when index files are used and mmap_disable is set to last seen 2020-06-01 modified 2020-06-02 plugin id 27201 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27201 title openSUSE 10 Security Update : dovecot (dovecot-2306) NASL family Fedora Local Security Checks NASL id FEDORA_2006-1396.NASL description - Tue Nov 21 2006 Petr Rockai <prockai at redhat.com> - 1.0-1.rc15 - update to latest upstream, fixes a few bugs, plus a security vulnerability (#216510, CVE-2006-5973) - Tue Oct 10 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.3.rc7 - fix few inconsistencies in specfile, fixes #198940 - Wed Oct 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.2.rc7 - fix default paths in the example mkcert.sh to match configuration defaults (fixes #183151) - Sun Oct 1 2006 Jesse Keating <jkeating at redhat.com> - 1.0-0.1.rc7 - rebuilt for unwind info generation, broken in gcc-4.1.1-21 - Fri Sep 22 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.rc7 - update to latest upstream release candidate, should fix occasional hangs and mbox issues... INBOX. namespace is still broken though - do not run over symlinked certificates in new locations on upgrade - Tue Aug 15 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.rc2.2 - include /var/lib/dovecot in the package, prevents startup failure on new installs - Mon Jul 17 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.rc2.1 - reenable inotify and see what happens - Thu Jul 13 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.rc2 - update to latest upstream release candidate - disable inotify for now, doesn last seen 2020-06-01 modified 2020-06-02 plugin id 24064 published 2007-01-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24064 title Fedora Core 6 : dovecot-1.0-1.rc15.fc6 (2006-1396) NASL family Fedora Local Security Checks NASL id FEDORA_2007-493.NASL description - Fri Mar 2 2007 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.4.fc5 - a little master login fix (#224925) - fix for CVE-2007-2231 (#238440) - Thu Dec 21 2006 Tomas Janousek <tjanouse at redhat.com> - 1.0-0.beta8.3.fc5 - fixed default paths in the example mkcert.sh to match configuration defaults (fixes #183151) - fixed off by one (#216508, CVE-2006-5973) - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2.fc5 - bring FC-5 branch up to date with the rawhide one (bugfixes only) - should fix non-working pop3 in default installation - Thu Jun 8 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.2 - put back pop3_uidl_format default that got lost in the beta2->beta7 upgrade (would cause pop3 to not work at all in many situations) - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta8.1 - upgrade to latest upstream beta release (beta8) - contains a security fix in mbox handling - Thu May 4 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta7.1 - upgrade to latest upstream beta release - fixed BR 173048 - Fri Mar 17 2006 Petr Rockai <prockai at redhat.com> - 1.0-0.beta2.8 - fix sqlite detection in upstream configure checks, second part of #182240 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 25183 published 2007-05-10 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/25183 title Fedora Core 5 : dovecot-1.0-0.beta8.4.fc5 (2007-493)
References
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://dovecot.org/list/dovecot-news/2006-November/000023.html
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
- http://dovecot.org/pipermail/dovecot-news/2006-November/000024.html
- http://secunia.com/advisories/23007
- http://secunia.com/advisories/23007
- http://secunia.com/advisories/23150
- http://secunia.com/advisories/23150
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23172
- http://secunia.com/advisories/23213
- http://secunia.com/advisories/23213
- http://securitytracker.com/id?1017288
- http://securitytracker.com/id?1017288
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.novell.com/linux/security/advisories/2006_73_mono.html
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
- http://www.securityfocus.com/archive/1/452081/100/0/threaded
- http://www.securityfocus.com/bid/21183/info
- http://www.securityfocus.com/bid/21183/info
- http://www.ubuntu.com/usn/usn-387-1
- http://www.ubuntu.com/usn/usn-387-1
- http://www.vupen.com/english/advisories/2006/4614
- http://www.vupen.com/english/advisories/2006/4614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30433
- https://issues.rpath.com/browse/RPL-802
- https://issues.rpath.com/browse/RPL-802