FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2006-5974

This CVE name corresponds to:

Entered Topic
2007-01-06 fetchmail -- crashes when refusing a message bound for an MDA

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2006-5974 at cve.mitre.org

Details

Type Candidate
Name CVE-2006-5974
Phase Assigned(20061120)

Description

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

References

Source Reference
BUGTRAQ 20070105 fetchmail security announcement 2006-03 (CVE-2006-5974)
CONFIRM http://fetchmail.berlios.de/fetchmail-SA-2006-03.txt
FEDORA FEDORA-2007-041
GENTOO GLSA-200701-13
OPENPKG OpenPKG-SA-2007.004
SLACKWARE SSA:2007-024-01
SUSE SUSE-SR:2007:004
TRUSTIX 2007-0007
BID 21902
VUPEN ADV-2007-0087
VUPEN ADV-2007-0088
OSVDB 31836
SECTRACK 1017479
SECUNIA 23631
SECUNIA 23804
SECUNIA 23838
SECUNIA 23923
SECUNIA 24151

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.