CVE-2006-0321

Current Description

fetchmail 6.3.0 and other versions before 6.3.2 allow remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.

Basic Data

Published: January 24, 2006
Last Modified: October 19, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-20
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Fetchmail | Fetchmail | 6.3.0 | * | * | * | * | * | * | * | | | |
    2.3 | Application | Fetchmail | Fetchmail | 6.3.1 | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Fetchmail | Fetchmail | 6.3.0, 6.3.1

References

Name | URL | Source | Tags
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747 | CONFIRM
http://developer.berlios.de/project/shownotes.php?release_id=8784 | http://developer.berlios.de/project/shownotes.php?release_id=8784 | CONFIRM
http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt | http://fetchmail.berlios.de/fetchmail-SA-2006-01.txt | CONFIRM | Patch, Vendor Advisory
APPLE-SA-2006-08-01 | http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html | APPLE
18571 | http://secunia.com/advisories/18571 | SECUNIA | Vendor Advisory
18895 | http://secunia.com/advisories/18895 | SECUNIA | Vendor Advisory
21253 | http://secunia.com/advisories/21253 | SECUNIA | Vendor Advisory
1015527 | http://securitytracker.com/id?1015527 | SECTRACK
SSA:2006-045-01 | http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.443499 | SLACKWARE
22691 | http://www.osvdb.org/22691 | OSVDB
20060122 fetchmail security announcement fetchmail-SA-2006-01 (CVE-2006-0321) | http://www.securityfocus.com/archive/1/422936/100/0/threaded | BUGTRAQ
16365 | http://www.securityfocus.com/bid/16365 | BID
19289 | http://www.securityfocus.com/bid/19289 | BID
TA06-214A | http://www.us-cert.gov/cas/techalerts/TA06-214A.html | CERT | US Government Resource
ADV-2006-0300 | http://www.vupen.com/english/advisories/2006/0300 | VUPEN
ADV-2006-3101 | http://www.vupen.com/english/advisories/2006/3101 | VUPEN
fetchmail-message-bounce-dos(24265) | https://exchange.xforce.ibmcloud.com/vulnerabilities/24265 | XF