Dovecot ManageSieve Script Name Directory Traversal Vulnerability


Description   A vulnerability has been identified in Dovecot ManageSieve, which could be exploited by malicious users to gain knowledge of sensitive information. This issue is caused by an input validation error when processing script names, which could allow malicious virtual users to read or edit ".sieve" script files.
     
Vulnerable Products   Vulnerable Software:
Dovecot ManageSieve
     
Solution   Apply patches: http://dovecot.org/list/dovecot/2008-November/035259.html
     
CVE   CVE-2008-5301
     
References   http://dovecot.org/list/dovecot/2008-November/035259.html
     
Vulnerability Manager Detection   No
     
IPS Protection
ASQ Engine alarm | Available Since
Misc : Directory traversal - parameter starting with ../ | 3.2.0
Directory traversal using ..\.. | 3.2.0
Directory traversal | 3.2.0
Directory traversal backward root folder | 3.2.0
     


 
 
 
 
Risk level   Moderate

Vulnerability First Public Report Date   2008-11-19

Target Type   Server

Possible exploit   Local & Remote