CVE-2008-5301
Published: 1 December 2008
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Notes
| Author | Note |
|---|---|
| mdeslaur | ManageSieve is only present as a patch in Intrepid+ |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
dovecot Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
| gutsy |
Not vulnerable
(code not present)
|
|
| hardy |
Not vulnerable
(code not present)
|
|
| intrepid |
Released
(1:1.1.4-0ubuntu1.3)
|
|
| jaunty |
Not vulnerable
(1:1.1.11-0ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security.patch |
||