|
Family: Misc. --> Category: attack
Dovecot Directory Traversal Vulnerability Vulnerability Scan
Vulnerability Scan Summary Tries to list contents of mbox root parent directory in Dovecot
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote IMAP server is affected by a directory traversal
vulnerability.
Description :
The remote host is running Dovecot, an open-source IMAP4 / POP3 server
for Linux / Unix.
The version of Dovecot installed on the remote host fails to filter
directory traversal sequences from user-supplied input to IMAP
commands such as LIST and DELETE. An authenticated attacker may be
able to leverage this issue to list directories and files in the mbox
root's parent directory or possibly to delete index files used by the
application.
See also :
http://www.securityfocus.com/archive/1/archive/1/433878/100/0/threaded
http://www.dovecot.org/list/dovecot/2006-May/013385.html
Solution :
Upgrade to Dovecot version 1.0 beta8 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|