ID CVE-2007-2231
Summary Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
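The summary names the bug class but not how a mailbox name becomes a file path. The Python below is an added illustration, not Dovecot's code and not a description of its real storage layer: it models a per-user mbox root, a naive name-to-path mapping that appends a ".gz" suffix the way a zlib-style plugin would, and a hardened mapping that rejects absolute names and ".." components and re-checks containment. The mail root and the mailbox names are constructed sample input; the function names are the example's own.

```python
import posixpath
from typing import Dict, List, Tuple

# Added illustration (not Dovecot's code) of the bug class in the summary:
# a client-supplied mailbox name is joined to a per-user mail root to locate
# the mbox file, and a zlib-style plugin appends ".gz". Without rejecting
# ".." components, the name walks out of the root and any readable gzipped
# mbox on the host can be opened.

MAIL_ROOT = "/var/mail/alice"   # constructed per-user mbox root


def naive_mbox_path(mail_root: str, mailbox: str, gz: bool = False) -> str:
    """Vulnerable pattern: the client-supplied name is joined as-is.
    posixpath.join also discards mail_root entirely if mailbox is absolute."""
    path = posixpath.join(mail_root, mailbox)
    return path + ".gz" if gz else path


def escapes_root(mail_root: str, path: str) -> bool:
    """True when the lexically normalised path is not inside mail_root.
    normpath keeps this offline; a real server should also resolve
    symlinks (os.path.realpath) before comparing."""
    root = posixpath.normpath(mail_root)
    norm = posixpath.normpath(path)
    # "root + '/'" prevents /var/mail/alicex from passing as inside /var/mail/alice
    return norm != root and not norm.startswith(root + "/")


def safe_mbox_path(mail_root: str, mailbox: str, gz: bool = False) -> str:
    """Hardened pattern: refuse absolute names and any '..' component up
    front, then re-check containment of the final path as defence in depth."""
    if mailbox.startswith("/") or ".." in mailbox.split("/"):
        raise ValueError(f"rejected mailbox name: {mailbox!r}")
    path = naive_mbox_path(mail_root, mailbox, gz)
    if escapes_root(mail_root, path):
        raise ValueError(f"mailbox resolves outside mail root: {path}")
    return path


def probe(mail_root: str, names: List[str]) -> Dict[str, Tuple[str, bool, bool]]:
    """For each name return (naive path, naive path escapes root,
    accepted by the hardened mapping), so the two behaviours can be compared."""
    report: Dict[str, Tuple[str, bool, bool]] = {}
    for name in names:
        naive = naive_mbox_path(mail_root, name, gz=True)
        try:
            safe_mbox_path(mail_root, name, gz=True)
            accepted = True
        except ValueError:
            accepted = False
        report[name] = (naive, escapes_root(mail_root, naive), accepted)
    return report


if __name__ == "__main__":
    # Constructed mailbox names: two legitimate, three that leave the root.
    SAMPLE_NAMES = ["INBOX", "lists/dovecot", "../bob/INBOX",
                    "/etc/secrets", "../alicex/INBOX"]
    for name, (naive, escapes, accepted) in probe(MAIL_ROOT, SAMPLE_NAMES).items():
        print(f"{name:18} naive={naive:40} escapes={escapes!s:5} safe_accepts={accepted}")
```

The up-front rejection of ".." is deliberately stricter than the containment check alone: a name such as "a/../INBOX" stays inside the root lexically, but there is no legitimate reason for an IMAP client to send it, and refusing it avoids relying on normalisation semantics.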
References
Vulnerable Configurations
  • cpe:2.3:a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:*
  • cpe:2.3:a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 16-10-2018 - 16:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
oval via4
accepted 2013-04-29T04:10:34.145-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
family unix
id oval:org.mitre.oval:def:10995
status accepted
submitted 2010-07-09T03:56:16-04:00
title Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
version 19
redhat via4
advisories
rhsa
id RHSA-2008:0297
rpms dovecot-0:1.0.7-2.el5
refmap via4
bid 23552
bugtraq 20070418 rPSA-2007-0074-1 dovecot
confirm http://dovecot.org/doc/NEWS
debian DSA-1359
mlist
  • [dovecot-cvs] 20070330 dovecot/src/lib-storage/index/mbox mbox-storage.c, 1.145.2.14, 1.145.2.15
  • [dovecot-news] 20070330 Security hole #3: zlib plugin allows opening any gziped mboxes
secunia
  • 25072
  • 30342
suse SUSE-SR:2007:008
ubuntu USN-487-1
vupen ADV-2007-1452
xf dovecot-mboxstorage-directory-traversal(34082)
statements via4
contributor Joshua Bressers
lastmodified 2008-05-21
organization Red Hat
statement This issue did not affect Red Hat Enterprise Linux prior to version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue: https://rhn.redhat.com/errata/RHSA-2008-0297.html
Last major update 16-10-2018 - 16:42
Published 25-04-2007 - 15:19