CVE-2006-2414
dovecot - programming error
EPSS 1.1%
Description
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
How to fix CVE-2006-2414
To remediate CVE-2006-2414, upgrade the affected package to one of the fixed versions listed below.
- Debian/dovecot—upgrade to 1.0.beta8-1 or later
- Debian/dovecot—upgrade to 0.99.14-1sarge0 or later
Is CVE-2006-2414 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/dovecot: from 0, < 1.0.beta8-1
- Debian/dovecot: from 0, < 0.99.14-1sarge0