CVE-2006-2414
EPSS 1.1%dovecot - programming error
Published: 5/16/2006Modified: 4/28/2026
Also known as:DEBIAN-CVE-2006-2414
Description
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
Affected packages (2)
- Debian/dovecotfrom 0, < 1.0.beta8-1
- Debian/dovecotfrom 0, < 0.99.14-1sarge0