Published: 01/12/2008 Updated: 08/08/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote malicious users to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dovecot dovecot 1.0.12
dovecot dovecot 1.0.3
dovecot dovecot 1.0.9
dovecot dovecot 1.1
dovecot dovecot 1.0
dovecot dovecot 1.0.2
dovecot dovecot 1.0.10
dovecot dovecot 1.0.6
dovecot dovecot 1.1.2
dovecot dovecot 1.1.3
dovecot dovecot 1.0.4
dovecot dovecot 1.0.5
dovecot dovecot 1.1.0
dovecot dovecot 1.1.1
dovecot dovecot 0.99.13
dovecot dovecot 0.99.14
dovecot dovecot 1.0.7
dovecot dovecot 1.0.8
dovecot dovecot 1.1.4
dovecot dovecot 1.1.5

It was discovered that the ACL plugin in Dovecot would incorrectly handle negative access rights An attacker could exploit this flaw to access the Dovecot server, bypassing the intended access restrictions This only affected Ubuntu 804 LTS (CVE-2008-4577) ...

CWE-22 http://www.dovecot.org/list/dovecot/2008-November/035259.html http://secunia.com/advisories/32768 http://www.securityfocus.com/bid/32582 http://www.ubuntu.com/usn/USN-838-1 http://secunia.com/advisories/36904 http://www.vupen.com/english/advisories/2008/3190 https://exchange.xforce.ibmcloud.com/vulnerabilities/46672 https://usn.ubuntu.com/838-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-5301

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect