CVE-2006-5974 - Vulnerability Details - OpenCVE

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fetchmail	Fetchmail

Configuration 1 [-]

OR	cpe:2.3:a:fetchmail:fetchmail:6.3.5:::::::*
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1::::::
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2::::::
	cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3::::::

No data.

References

Link	Providers
http://fedoranews.org/cms/node/2429
http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
http://osvdb.org/31836
http://secunia.com/advisories/23631
http://secunia.com/advisories/23804
http://secunia.com/advisories/23838
http://secunia.com/advisories/23923
http://secunia.com/advisories/24151
http://security.gentoo.org/glsa/glsa-200701-13.xml
http://securitytracker.com/id?1017479
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995
http://www.novell.com/linux/security/advisories/2007_4_sr.html
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html
http://www.securityfocus.com/archive/1/456114/100/0/threaded
http://www.securityfocus.com/bid/21902
http://www.trustix.org/errata/2007/0007
http://www.vupen.com/english/advisories/2007/0087
http://www.vupen.com/english/advisories/2007/0088

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-09T00:00:00

Updated: 2024-08-07T20:12:31.425Z

Reserved: 2006-11-20T00:00:00

Link: CVE-2006-5974

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-12-31T05:00:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5974

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-04T00:00:00", "descriptions": [{"lang": "en", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1017479", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017479"}, {"name": "SSA:2007-024-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"name": "23838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23838"}, {"name": "24151", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/24151"}, {"name": "20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"name": "23631", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23631"}, {"name": "23804", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23804"}, {"name": "ADV-2007-0088", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"name": "SUSE-SR:2007:004", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"name": "FEDORA-2007-041", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://fedoranews.org/cms/node/2429"}, {"name": "23923", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23923"}, {"name": "31836", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/31836"}, {"name": "OpenPKG-SA-2007.004", "tags": ["vendor-advisory", "x_refsource_OPENPKG"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"name": "2007-0007", "tags": ["vendor-advisory", "x_refsource_TRUSTIX"], "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "GLSA-200701-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"name": "ADV-2007-0087", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"name": "21902", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21902"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5974", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1017479", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017479"}, {"name": "SSA:2007-024-01", "refsource": "SLACKWARE", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"name": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt", "refsource": "CONFIRM", "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"name": "23838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23838"}, {"name": "24151", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24151"}, {"name": "20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"name": "23631", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23631"}, {"name": "23804", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23804"}, {"name": "ADV-2007-0088", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"name": "SUSE-SR:2007:004", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"name": "FEDORA-2007-041", "refsource": "FEDORA", "url": "http://fedoranews.org/cms/node/2429"}, {"name": "23923", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23923"}, {"name": "31836", "refsource": "OSVDB", "url": "http://osvdb.org/31836"}, {"name": "OpenPKG-SA-2007.004", "refsource": "OPENPKG", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"name": "2007-0007", "refsource": "TRUSTIX", "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "GLSA-200701-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"name": "ADV-2007-0087", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"name": "21902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21902"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:12:31.425Z"}, "title": "CVE Program Container", "references": [{"name": "1017479", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017479"}, {"name": "SSA:2007-024-01", "tags": ["vendor-advisory", "x_refsource_SLACKWARE", "x_transferred"], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"name": "23838", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23838"}, {"name": "24151", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/24151"}, {"name": "20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"name": "23631", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23631"}, {"name": "23804", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23804"}, {"name": "ADV-2007-0088", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"name": "SUSE-SR:2007:004", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"name": "FEDORA-2007-041", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://fedoranews.org/cms/node/2429"}, {"name": "23923", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23923"}, {"name": "31836", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/31836"}, {"name": "OpenPKG-SA-2007.004", "tags": ["vendor-advisory", "x_refsource_OPENPKG", "x_transferred"], "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"name": "2007-0007", "tags": ["vendor-advisory", "x_refsource_TRUSTIX", "x_transferred"], "url": "http://www.trustix.org/errata/2007/0007"}, {"name": "GLSA-200701-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"name": "ADV-2007-0087", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"name": "21902", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/21902"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5974", "datePublished": "2007-01-09T00:00:00", "dateReserved": "2006-11-20T00:00:00", "dateUpdated": "2024-08-07T20:12:31.425Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "5D09BB43-6CBA-499B-91D1-BA256A65E40D", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc1:*:*:*:*:*:*", "matchCriteriaId": "B98AFEDF-2BAB-4588-94E0-35AEA5F1B514", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc2:*:*:*:*:*:*", "matchCriteriaId": "4E8BAB5B-4DBC-4D05-B5E2-591573BC05FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:fetchmail:fetchmail:6.3.6:rc3:*:*:*:*:*:*", "matchCriteriaId": "02F6E729-A2F2-42AC-A941-F57A0A4E84A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions."}, {"lang": "es", "value": "fetchmail 6.3.5 y 6.3.6-rc4, cuando rechazan un mensaje entregado mediante la opci\u00f3n mda, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante vectores desconocidos que disparan una referencia a puntero nulo cuando se llama a las funciones (1) ferror o (2) fflush."}], "id": "CVE-2006-5974", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://fedoranews.org/cms/node/2429"}, {"source": "cve@mitre.org", "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/31836"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23631"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23804"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23838"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23923"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24151"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017479"}, {"source": "cve@mitre.org", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"source": "cve@mitre.org", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21902"}, {"source": "cve@mitre.org", "url": "http://www.trustix.org/errata/2007/0007"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/0088"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fedoranews.org/cms/node/2429"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/31836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/23923"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/24151"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200701-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017479"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.517995"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2007_4_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456114/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/21902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2007/0007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0087"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/0088"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.", "lastModified": "2007-01-11T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}