Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2011-2167
Last Modified 07 Mar 2013 10:57:56
Published 24 May 2011 07:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2011-2167

Summary

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

Vulnerable Systems

Application

  • Dovecot 2.0.0

  • Dovecot 2.0.1

  • Dovecot 2.0.10

  • Dovecot 2.0.11

  • Dovecot 2.0.12

  • Dovecot 2.0.2

  • Dovecot 2.0.3

  • Dovecot 2.0.4

  • Dovecot 2.0.5

  • Dovecot 2.0.6

  • Dovecot 2.0.7

  • Dovecot 2.0.8

  • Dovecot 2.0.9


References

MLIST - [oss-security] 20110518 Dovecot releases

MLIST - [dovecot] 20110511 v2.0.13 released

XF - dovecot-scriptlogin-dir-traversal(67674)

BID - 48003

CONFIRM - http://www.dovecot.org/doc/NEWS-2.0

SECUNIA - 52311

REDHAT - RHSA-2013:0520


Last Updated: 27 May 2016 11:01:59