CVE-2006-2414

NameCVE-2006-2414
DescriptionDirectory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
SourceCVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
ReferencesDSA-1080-1
NVD severitymedium (attack range: remote)
Debian/oldoldstablenot vulnerable.
Debian/oldstablenot vulnerable.
Debian/stablenot vulnerable.
Debian/testingnot vulnerable.
Debian/unstablenot vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dovecot (PTS)squeeze, squeeze (security)1:1.2.15-7fixed
squeeze (lts)1:1.2.15-7+deb6u1fixed
wheezy (security), wheezy1:2.1.7-7+deb7u1fixed
jessie1:2.2.13-11fixed
stretch1:2.2.18-1fixed
sid1:2.2.18-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dovecotsource(unstable)1.0.beta8-1low
dovecotsourcesarge0.99.14-1sarge0mediumDSA-1080-1

Notes

[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)

Search for package or bug name: Reporting problems