fkie_nvd - fkie_cve-2007-2231

fkie_cve-2007-2231

Vulnerability from fkie_nvd

Published

2007-04-25 15:19

Modified

2025-04-09 00:30

Severity ?

Summary

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

References

▶	URL	Tags
	cve@mitre.org	http://dovecot.org/doc/NEWS
	cve@mitre.org	http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
	cve@mitre.org	http://dovecot.org/list/dovecot-news/2007-March/000038.html
	cve@mitre.org	http://secunia.com/advisories/25072
	cve@mitre.org	http://secunia.com/advisories/30342
	cve@mitre.org	http://www.debian.org/security/2007/dsa-1359
	cve@mitre.org	http://www.novell.com/linux/security/advisories/2007_8_sr.html
	cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2008-0297.html
	cve@mitre.org	http://www.securityfocus.com/archive/1/466168/100/0/threaded
	cve@mitre.org	http://www.securityfocus.com/bid/23552
	cve@mitre.org	http://www.ubuntu.com/usn/usn-487-1
	cve@mitre.org	http://www.vupen.com/english/advisories/2007/1452
	cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/34082
	cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995
	af854a3a-2127-422b-91ae-364da2661108	http://dovecot.org/doc/NEWS
	af854a3a-2127-422b-91ae-364da2661108	http://dovecot.org/list/dovecot-cvs/2007-March/008488.html
	af854a3a-2127-422b-91ae-364da2661108	http://dovecot.org/list/dovecot-news/2007-March/000038.html
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/25072
	af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/30342
	af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2007/dsa-1359
	af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2007_8_sr.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2008-0297.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/466168/100/0/threaded
	af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/23552
	af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/usn-487-1
	af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/1452
	af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/34082
	af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995

Impacted products

Vendor	Product	Version
dovecot	dovecot	1.0.beta1
dovecot	dovecot	1.0.beta2
dovecot	dovecot	1.0.beta3
dovecot	dovecot	1.0.beta4
dovecot	dovecot	1.0.beta5
dovecot	dovecot	1.0.beta6
dovecot	dovecot	1.0.beta7
dovecot	dovecot	1.0.beta8
dovecot	dovecot	1.0.beta9
dovecot	dovecot	1.0.rc1
dovecot	dovecot	1.0.rc2
dovecot	dovecot	1.0.rc3
dovecot	dovecot	1.0.rc4
dovecot	dovecot	1.0.rc5
dovecot	dovecot	1.0.rc6
dovecot	dovecot	1.0.rc7
dovecot	dovecot	1.0.rc8
dovecot	dovecot	1.0.rc9
dovecot	dovecot	1.0.rc10
dovecot	dovecot	1.0.rc11
dovecot	dovecot	1.0.rc12
dovecot	dovecot	1.0.rc13
dovecot	dovecot	1.0.rc14
dovecot	dovecot	1.0.rc15
dovecot	dovecot	1.0.rc16
dovecot	dovecot	1.0.rc17
dovecot	dovecot	1.0.rc18
dovecot	dovecot	1.0.rc19
dovecot	dovecot	1.0.rc20
dovecot	dovecot	1.0.rc21
dovecot	dovecot	1.0.rc22
dovecot	dovecot	1.0.rc23
dovecot	dovecot	1.0.rc24
dovecot	dovecot	1.0.rc25
dovecot	dovecot	1.0.rc26
dovecot	dovecot	1.0.rc27
dovecot	dovecot	1.0.rc28

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9FBEF6C-4A09-4661-BED0-8B5BC8BAF1AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D680474-C329-4DD0-B4EA-2406E27EC474",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*",
              "matchCriteriaId": "165A0D0B-C6B0-431F-BF36-223A27CD6A42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:*",
              "matchCriteriaId": "92FB54D3-F856-4027-8AAF-6B05AE17D520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:*",
              "matchCriteriaId": "34759794-747B-4770-8DB5-4E07AA8A15AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D5AF2A0-3289-47FA-B8DB-D5E28504F012",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*",
              "matchCriteriaId": "99268D48-CF82-450B-A033-D87AF4109531",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2E09737-8107-45C0-BFF1-FB4CF81564CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:*",
              "matchCriteriaId": "280BE28D-B8A8-4E76-BC96-DB756C00B994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "91E74D81-DF10-423A-8549-3BB5ED02B5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "07D6853E-7E81-443D-8806-C8469217F55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1BE4B6A-47A2-457B-B6B8-8FE5C2026A11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7382F655-9B27-443D-9397-346FBEADEFDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F180045-A0DA-40A3-AD3E-F3402FB6456A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1A2FFE7-D008-47B4-80E7-AEC176918E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C840337-7B31-476B-BBCD-65F4899925E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "545EF2F5-9BAE-4612-9958-70A5413818A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80096F8-46D9-42E3-8CDB-99ADA2CBD970",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E504866-3429-4A4C-8278-5C2753D356C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*",
              "matchCriteriaId": "30857130-636F-4719-9F1E-8F6369F40DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*",
              "matchCriteriaId": "9843D7CE-4723-4200-AFD4-5B31545A287E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*",
              "matchCriteriaId": "54AF1D92-D89B-4DE4-9D47-72466873A4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A8FCA5-1666-48F7-9689-37D9315813F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4D517F3-F0A8-4362-89B9-0ED63515283F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:*",
              "matchCriteriaId": "23883A94-559B-4655-82D4-F09868235771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:*",
              "matchCriteriaId": "520B52BF-FD23-429D-BAA4-E08DB84C82F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7948AB-2061-4ADB-A01C-3CE8B47CCD19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:*",
              "matchCriteriaId": "C24F6BFB-AA8C-441A-9026-809183D0350E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:*",
              "matchCriteriaId": "C22A513A-A94A-4BC4-B5B7-3CCA166C9874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:*",
              "matchCriteriaId": "65038654-6B35-4502-BD74-F9F0954C5EF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:*",
              "matchCriteriaId": "4307AA80-C0AC-4193-8353-D746DBF52FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E95BAF5-FC78-4286-B6BD-464E9F08CF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C6AA8FD-3692-4069-8980-9544044B8CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:*",
              "matchCriteriaId": "F22AADE9-D37D-439B-B934-8DA01A29BB87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:*",
              "matchCriteriaId": "4ECCD893-A5EE-4696-80AA-FD9092548BDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B960D71-04E5-45F7-8DC2-45C341673FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:*",
              "matchCriteriaId": "658E275E-8C2C-46EE-850A-14ADBD097E0F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalado de directorio en index/mbox/mbox-storage.c de Dovecot versiones anteriores a 1.0.rc29, cuando se usa la extensi\u00f3n (plugin) zlib, permite a atacantes remotos leer buzones de correo (mbox files) comprimidos con gzip (.gz) de su elecci\u00f3n mediante una secuencia .. (punto punto) en el nombre del buz\u00f3n."
    }
  ],
  "id": "CVE-2007-2231",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-25T15:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dovecot.org/doc/NEWS"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://dovecot.org/list/dovecot-cvs/2007-March/008488.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://dovecot.org/list/dovecot-news/2007-March/000038.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/25072"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/30342"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2007/dsa-1359"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/466168/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23552"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/usn-487-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1452"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34082"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dovecot.org/doc/NEWS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dovecot.org/list/dovecot-cvs/2007-March/008488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dovecot.org/list/dovecot-news/2007-March/000038.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/25072"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/30342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1359"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_8_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2008-0297.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/466168/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-487-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10995"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "This issue did not affect Red Hat Enterprise Linux prior to version 5.  An update to Red Hat Enterprise Linux 5 was released to correct this issue:\nhttps://rhn.redhat.com/errata/RHSA-2008-0297.html",
      "lastModified": "2008-05-21T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-2231 (GCVE-0-2007-2231)

Vulnerability from cvelistv5

Published

2007-04-25 15:00