ID CVE-2006-2414
Summary Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
References
Vulnerable Configurations
  • cpe:2.3:a:timo_sirainen:dovecot:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 17961
bugtraq 20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes
confirm http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
debian DSA-1080
misc http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
secunia
  • 20308
  • 20315
sreason 913
vupen ADV-2006-2013
xf dovecot-imap-list-information-disclosure(26536)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
Last major update 18-10-2018 - 16:39
Published 16-05-2006 - 10:02
Last modified 18-10-2018 - 16:39