CVE-2006-2414 — Path Traversal in Dovecot

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

1.1%

top 22.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Dovecot Debian Dovecot Timo Sirainen Dovecot

Timeline

PublishedMay 16

Latest updateMay 1

Description

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/dovecot< dovecot 1.0.beta8-1 (bookworm)

▶Debiandovecot/dovecot< 1.0.beta8-1+3

▶NVDtimo_sirainen/dovecot4 versions+3

Patches

Patch: www.dovecot.org ↗Patch: www.securityfocus.com ↗Patch: www.dovecot.org ↗

🔴Vulnerability Details

GHSA

GHSA-w66v-p2rf-jx67: Directory traversal vulnerability in Dovecot 1↗2022-05-01

▶

OSV

CVE-2006-2414: Directory traversal vulnerability in Dovecot 1↗2006-05-16

▶

📋Vendor Advisories

Debian

CVE-2006-2414: dovecot - Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote atta...↗2006

▶

Red Hat

CVE-2006-2414: Directory traversal vulnerability in Dovecot 1↗

▶