Vulnerability Description
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Timo Sirainen | Dovecot | 1.0 |
References
- http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
- http://secunia.com/advisories/20308
- http://secunia.com/advisories/20315
- http://securityreason.com/securityalert/913
- http://www.debian.org/security/2006/dsa-1080
- http://www.dovecot.org/list/dovecot-news/2006-May/000006.html (Patch)
- http://www.securityfocus.com/archive/1/433878/100/0/threaded
- http://www.securityfocus.com/bid/17961 (Patch)
- http://www.vupen.com/english/advisories/2006/2013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26536
FAQ
What is CVE-2006-2414?
CVE-2006-2414 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (...
How severe is CVE-2006-2414?
CVE-2006-2414 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2414?
Check the references section above for vendor advisories and patch information. Affected products include: Timo Sirainen Dovecot.