Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5301

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2008-5301
Last Modified 07 Mar 2011 10:14:21
Published 01 Dec 2008 12:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5301

Summary

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

Vulnerable Systems

Application

  • Dovecot 0.99.13

  • Dovecot 0.99.14

  • Dovecot 1.0

  • Dovecot 1.0.10

  • Dovecot 1.0.12

  • Dovecot 1.0.2

  • Dovecot 1.0.3

  • Dovecot 1.0.4

  • Dovecot 1.0.5

  • Dovecot 1.0.6

  • Dovecot 1.0.7

  • Dovecot 1.0.8

  • Dovecot 1.0.9

  • Dovecot 1.1

  • Dovecot 1.1.0

  • Dovecot 1.1.1

  • Dovecot 1.1.2

  • Dovecot 1.1.3

  • Dovecot 1.1.4

  • Dovecot 1.1.5


References

MLIST - [Dovecot] 20081117 ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions)

XF - managesieve-sieve-directory-traversal(46672)

VUPEN - ADV-2008-3190

UBUNTU - USN-838-1

BID - 32582

SECUNIA - 36904

SECUNIA - 32768


Last Updated: 27 May 2016 10:48:46