CVE-2006-2414 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via .. sequences in the (1) LIST or (2) DELETE IMAP command.

Affected Software

Name	Vendor	Start Version	End Version
Dovecot	Timo_sirainen	1.0 (including)	1.0 (including)
Dovecot	Timo_sirainen	1.0_beta2 (including)	1.0_beta2 (including)
Dovecot	Timo_sirainen	1.0_beta3 (including)	1.0_beta3 (including)
Dovecot	Timo_sirainen	1.0_beta7 (including)	1.0_beta7 (including)
Dovecot	Ubuntu	dapper	*
Dovecot	Ubuntu	devel	*
Dovecot	Ubuntu	edgy	*
Dovecot	Ubuntu	feisty	*

References

http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
http://secunia.com/advisories/20308
http://secunia.com/advisories/20315
http://securityreason.com/securityalert/913
http://www.debian.org/security/2006/dsa-1080
http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
http://www.securityfocus.com/archive/1/433878/100/0/threaded
http://www.securityfocus.com/bid/17961
http://www.vupen.com/english/advisories/2006/2013
https://exchange.xforce.ibmcloud.com/vulnerabilities/26536
http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
http://secunia.com/advisories/20308
http://secunia.com/advisories/20315
http://securityreason.com/securityalert/913
http://www.debian.org/security/2006/dsa-1080
http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
http://www.securityfocus.com/archive/1/433878/100/0/threaded
http://www.securityfocus.com/bid/17961
http://www.vupen.com/english/advisories/2006/2013
https://exchange.xforce.ibmcloud.com/vulnerabilities/26536

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-2414
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html