CVE-2006-2414

N/A Unknown

Published: May 16, 2006 Modified: April 16, 2026

Description

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://dovecot.org/list/dovecot-cvs/2006-May/005563.html

Source: cve@mitre.org

http://secunia.com/advisories/20308

Source: cve@mitre.org

http://secunia.com/advisories/20315

Source: cve@mitre.org

http://securityreason.com/securityalert/913

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1080

Source: cve@mitre.org

http://www.dovecot.org/list/dovecot-news/2006-May/000006.html

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/433878/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/17961

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2006/2013

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26536

Source: cve@mitre.org

http://dovecot.org/list/dovecot-cvs/2006-May/005563.html