CVE-2008-5301
Published: 1 December 2008
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Notes
Author | Note |
---|---|
mdeslaur | ManageSieve is only present as a patch in Intrepid+ |
Priority
Status
Package | Release | Status |
---|---|---|
dovecot Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
gutsy |
Not vulnerable
(code not present)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Released
(1:1.1.4-0ubuntu1.3)
|
|
jaunty |
Not vulnerable
(1:1.1.11-0ubuntu2)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://www.rename-it.nl/dovecot/1.1/dovecot-1.1-managesieve-0.10.3-security.patch |