CVE-2007-2231

Published: Apr 25, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

USN-487-1

vendor-advisory

x_refsource_UBUNTU

30342

third-party-advisory

x_refsource_SECUNIA

RHSA-2008:0297

vendor-advisory

x_refsource_REDHAT

23552

vdb-entry

x_refsource_BID

DSA-1359

vendor-advisory

x_refsource_DEBIAN

http://dovecot.org/doc/NEWS

x_refsource_CONFIRM

[dovecot-cvs] 20070330 dovecot/src/lib-storage/index/mbox mbox-storage.c, 1.145.2.14, 1.145.2.15

mailing-list

x_refsource_MLIST

oval:org.mitre.oval:def:10995

vdb-entry

signature

x_refsource_OVAL

dovecot-mboxstorage-directory-traversal(34082)

vdb-entry

x_refsource_XF

SUSE-SR:2007:008

vendor-advisory

x_refsource_SUSE

ADV-2007-1452

vdb-entry

x_refsource_VUPEN

[dovecot-news] 20070330 Security hole #3: zlib plugin allows opening any gziped mboxes

mailing-list

x_refsource_MLIST

25072

third-party-advisory

x_refsource_SECUNIA

20070418 rPSA-2007-0074-1 dovecot

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2007-2231

Description

Affected Products

References