ID CVE-2006-2414
Summary Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
References
Vulnerable Configurations
  • cpe:2.3:a:timo_sirainen:dovecot:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:timo_sirainen:dovecot:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta2:*:*:*:*:*:*:*
    cpe:2.3:a:timo_sirainen:dovecot:1.0_beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta3:*:*:*:*:*:*:*
    cpe:2.3:a:timo_sirainen:dovecot:1.0_beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:timo_sirainen:dovecot:1.0_beta7:*:*:*:*:*:*:*
    cpe:2.3:a:timo_sirainen:dovecot:1.0_beta7:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-10-2018 - 16:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid 17961
bugtraq 20060512 Dovecot IMAP: Mailbox names list disclosure with mboxes
confirm http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
debian DSA-1080
misc http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
secunia
  • 20308
  • 20315
sreason 913
vupen ADV-2006-2013
xf dovecot-imap-list-information-disclosure(26536)
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
Last major update 18-10-2018 - 16:39
Published 16-05-2006 - 10:02
Back to Top