CVE-2006-2414

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

Published: May 16, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2414
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
timo_sirainen / dovecot	1.0_beta7	1.0_beta7.x
timo_sirainen / dovecot	1.0_beta2	1.0_beta2.x
timo_sirainen / dovecot	1.0	1.0.x
timo_sirainen / dovecot	1.0_beta3	1.0_beta3.x

http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
http://secunia.com/advisories/20308
http://secunia.com/advisories/20315
http://securityreason.com/securityalert/913
http://www.debian.org/security/2006/dsa-1080
http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
http://www.securityfocus.com/archive/1/433878/100/0/threaded
http://www.securityfocus.com/bid/17961
http://www.vupen.com/english/advisories/2006/2013
https://exchange.xforce.ibmcloud.com/vulnerabilities/26536

Vulnerability Database

289,697

CVE-2006-2414