Launchpad CVE tracker

CVE 2008-5301

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

Related bugs and status

CVE-2008-5301 (Candidate) is related to these bugs:

Bug #307291: Security hole in ManageSieve: Virtual users can edit scripts of other virtual users

Summary				In	Importance	Status
	307291	Security hole in ManageSieve: Virtual users can edit scripts of other virtual users		dovecot (Ubuntu)	Undecided	Fix Released
	307291	Security hole in ManageSieve: Virtual users can edit scripts of other virtual users		dovecot (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [Dovecot] 20081117 Man...
SECUNIA: 32768
BID: 32582
UBUNTU: USN-838-1
SECUNIA: 36904
VUPEN: ADV-2008-3190
XF: managesieve-sieve-dire...

Launchpad.net

CVE 2008-5301

Related bugs and status

Related bugs

References