CVE-2006-5974

Common Vulnerabilities and Exposures

Upstream information

CVE-2006-5974 at MITRE

Description

fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.

NVD CVSS v2 Base Score: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Novell/SUSE information

Novell Bugzilla entry: 223507, 239002

SUSE Security Advisories:

SUSE-SA:2007:008, published Fri, 12 Jan 2007 17:00:00 +0000
SUSE-SR:2007:001, published Fri, 19 Jan 2007 17:00:00 +0000
SUSE-SR:2007:003, published Fri, 16 Feb 2007 16:00:00 +0000
SUSE-SR:2007:004, published Fri, 16 Mar 2007 15:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
SUSE LINUX 10.0	`fetchmail >= 6.2.5.2-3.6`
SUSE LINUX 10.1	`fetchmail >= 6.3.2-15.8`
SUSE LINUX 9.3	`fetchmail >= 6.2.5-59.10`
Novell Linux Desktop 9 for x86 Novell Linux Desktop 9 for x86_64 Open Enterprise Server	`fetchmail >= 6.2.5-49.15`	sled10.x86 sles9-oes.x86 slrs8.x86 ul1.s390 sles10.s390x core9.s390 YOU Patch Nr: 11432 ZYPP Patch Nr: 2608
SUSE LINUX Retail Solution 8 SuSE Linux Desktop 1.0 SuSE Linux Enterprise Server 8 for AMD64 SuSE Linux Enterprise Server 8 for IBM iSeries and IBM pSeries SuSE Linux Enterprise Server 8 for IBM zSeries SuSE Linux Enterprise Server 8 for IPF SuSE Linux Openexchange Server 4 SuSE Linux School Server for i386 SuSE Linux Standard Server 8 UnitedLinux 1.0	`fetchmail >= 5.9.13-169`	sled10.x86 sles9-oes.x86 slrs8.x86 ul1.s390 sles10.s390x core9.s390 YOU Patch Nr: 11432 ZYPP Patch Nr: 2608

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy