Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2414

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2414
Last Modified 07 Mar 2011 09:36:09
Published 16 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2414

Summary

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

Vulnerable Systems

Application

  • Timo Sirainen Dovecot 1.0

  • Timo Sirainen Dovecot 1.0 Beta2

  • Timo Sirainen Dovecot 1.0 Beta3

  • Timo Sirainen Dovecot 1.0 Beta7


References

BID - 17961

BUGTRAQ - 20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes

MISC - http://www.dovecot.org/list/dovecot-news/2006-May/000006.html

XF - dovecot-imap-list-information-disclosure(26536)

VUPEN - ADV-2006-2013

DEBIAN - DSA-1080

SECUNIA - 20315

SECUNIA - 20308

CONFIRM - http://dovecot.org/list/dovecot-cvs/2006-May/005563.html

SREASON - 913


Last Updated: 27 May 2016 10:42:28