CVE-2007-2231

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2007-2231
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://dovecot.org/doc/NEWS
http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
http://dovecot.org/list/dovecot-news/2007-March/000038.html
http://secunia.com/advisories/25072
http://secunia.com/advisories/30342
http://www.debian.org/security/2007/dsa-1359
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0297.html
http://www.securityfocus.com/archive/1/466168/100/0/threaded
http://www.securityfocus.com/bid/23552
http://www.ubuntu.com/usn/usn-487-1
http://www.vupen.com/english/advisories/2007/1452
https://exchange.xforce.ibmcloud.com/vulnerabilities/34082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995
http://dovecot.org/doc/NEWS
http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
http://dovecot.org/list/dovecot-news/2007-March/000038.html
http://secunia.com/advisories/25072
http://secunia.com/advisories/30342
http://www.debian.org/security/2007/dsa-1359
http://www.novell.com/linux/security/advisories/2007_8_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0297.html
http://www.securityfocus.com/archive/1/466168/100/0/threaded
http://www.securityfocus.com/bid/23552
http://www.ubuntu.com/usn/usn-487-1
http://www.vupen.com/english/advisories/2007/1452
https://exchange.xforce.ibmcloud.com/vulnerabilities/34082
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:*
cpe:2.3:a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:*
History

21 Nov 2024, 00:30

Type Values Removed Values Added
References () http://dovecot.org/doc/NEWS - () http://dovecot.org/doc/NEWS -
References () http://dovecot.org/list/dovecot-cvs/2007-March/008488.html - () http://dovecot.org/list/dovecot-cvs/2007-March/008488.html -
References () http://dovecot.org/list/dovecot-news/2007-March/000038.html - () http://dovecot.org/list/dovecot-news/2007-March/000038.html -
References () http://secunia.com/advisories/25072 - () http://secunia.com/advisories/25072 -
References () http://secunia.com/advisories/30342 - () http://secunia.com/advisories/30342 -
References () http://www.debian.org/security/2007/dsa-1359 - () http://www.debian.org/security/2007/dsa-1359 -
References () http://www.novell.com/linux/security/advisories/2007_8_sr.html - () http://www.novell.com/linux/security/advisories/2007_8_sr.html -
References () http://www.redhat.com/support/errata/RHSA-2008-0297.html - () http://www.redhat.com/support/errata/RHSA-2008-0297.html -
References () http://www.securityfocus.com/archive/1/466168/100/0/threaded - () http://www.securityfocus.com/archive/1/466168/100/0/threaded -
References () http://www.securityfocus.com/bid/23552 - () http://www.securityfocus.com/bid/23552 -
References () http://www.ubuntu.com/usn/usn-487-1 - () http://www.ubuntu.com/usn/usn-487-1 -
References () http://www.vupen.com/english/advisories/2007/1452 - () http://www.vupen.com/english/advisories/2007/1452 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/34082 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/34082 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995 -
Information

Published : 2007-04-25 15:19

Updated : 2025-04-09 00:30

NVD link : CVE-2007-2231

Mitre link : CVE-2007-2231

CVE.ORG link : CVE-2007-2231

JSON object : View

Products Affected

dovecot

  • dovecot
CWE
NVD-CWE-Other