Vulnerabilities > CVE-2006-2414 - Remote Information Disclosure vulnerability in Dovecot
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1080.NASL description A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users. last seen 2020-06-01 modified 2020-06-02 plugin id 22622 published 2006-10-14 reporter This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22622 title Debian DSA-1080-1 : dovecot - programming error code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1080. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(22622); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:32:19"); script_cve_id("CVE-2006-2414"); script_xref(name:"DSA", value:"1080"); script_name(english:"Debian DSA-1080-1 : dovecot - programming error"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "A problem has been discovered in the IMAP component of Dovecot, a secure mail server that supports mbox and maildir mailboxes, which can lead to information disclosure via directory traversal by authenticated users." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2006/dsa-1080" ); script_set_attribute( attribute:"solution", value: "Upgrade the dovecot-imapd package. The old stable distribution (woody) is not affected by this problem. For the stable distribution (sarge) this problem has been fixed in version 0.99.14-1sarge0." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14"); script_set_attribute(attribute:"vuln_publication_date", value:"2006/05/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"3.1", prefix:"dovecot", reference:"0.99.14-1sarge0")) flag++; if (deb_check(release:"3.1", prefix:"dovecot-common", reference:"0.99.14-1sarge0")) flag++; if (deb_check(release:"3.1", prefix:"dovecot-imapd", reference:"0.99.14-1sarge0")) flag++; if (deb_check(release:"3.1", prefix:"dovecot-pop3d", reference:"0.99.14-1sarge0")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family SuSE Local Security Checks NASL id SUSE_DOVECOT-1398.NASL description Users could potentially find out mailbox names of other users (CVE-2006-2414). last seen 2020-06-01 modified 2020-06-02 plugin id 27199 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27199 title openSUSE 10 Security Update : dovecot (dovecot-1398) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update dovecot-1398. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27199); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:28"); script_cve_id("CVE-2006-2414"); script_name(english:"openSUSE 10 Security Update : dovecot (dovecot-1398)"); script_summary(english:"Check for the dovecot-1398 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "Users could potentially find out mailbox names of other users (CVE-2006-2414)." ); script_set_attribute( attribute:"solution", value:"Update the affected dovecot package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dovecot"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2006/05/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"dovecot-1.0.beta3-13.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dovecot"); }
NASL family Misc. NASL id DOVECOT_DIR_TRAVERSAL.NASL description The remote host is running Dovecot, an open source IMAP4 / POP3 server for Linux / Unix. The version of Dovecot installed on the remote host fails to filter directory traversal sequences from user-supplied input to IMAP commands such as LIST and DELETE. An authenticated attacker may be able to leverage this issue to list directories and files in the mbox root last seen 2020-06-01 modified 2020-06-02 plugin id 21559 published 2006-05-15 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/21559 title Dovecot Multiple Command Traversal Arbitrary Directory Listing
Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux. |
References
- http://dovecot.org/list/dovecot-cvs/2006-May/005563.html
- http://secunia.com/advisories/20308
- http://secunia.com/advisories/20315
- http://securityreason.com/securityalert/913
- http://www.debian.org/security/2006/dsa-1080
- http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
- http://www.securityfocus.com/archive/1/433878/100/0/threaded
- http://www.securityfocus.com/bid/17961
- http://www.vupen.com/english/advisories/2006/2013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26536