Vulnerability Details : CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
Vulnerability category: Directory traversal
Products affected by CVE-2006-2414
- cpe:2.3:a:timo_sirainen:dovecot:1.0_beta7:*:*:*:*:*:*:*
- cpe:2.3:a:timo_sirainen:dovecot:1.0_beta2:*:*:*:*:*:*:*
- cpe:2.3:a:timo_sirainen:dovecot:1.0_beta3:*:*:*:*:*:*:*
- cpe:2.3:a:timo_sirainen:dovecot:1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-2414
0.62%: probability of exploitation activity in the next 30 days
~79%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-2414
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
Vendor statements for CVE-2006-2414
- Red Hat, 2006-08-30: Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
References for CVE-2006-2414
- http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
  [dovecot-cvs] dovecot/src/lib-storage/index/mbox mbox-storage.c, 1.145, 1.145.2.1
- http://www.securityfocus.com/archive/1/433878/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26536
  Dovecot IMAP LIST information disclosure CVE-2006-2414 Vulnerability Report
- http://www.securityfocus.com/bid/17961 (Patch)
- http://www.debian.org/security/2006/dsa-1080
  [SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal
- http://www.vupen.com/english/advisories/2006/2013
  Site under construction
- http://www.dovecot.org/list/dovecot-news/2006-May/000006.html (Patch)
  [Dovecot-news] Security hole with mboxes
- http://securityreason.com/securityalert/913
  Dovecot IMAP: Mailbox names list disclosure with mboxes - CXSecurity.com