Vulnerability CVE-2007-2231

Vulnerability Name:

CVE-2007-2231 (CCN-34082)

Assigned:

2007-03-28

Published:

2007-03-28

Updated:

2018-10-16

Summary:

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.

CVSS v3 Severity:

3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2007-2231

Source: CCN
Type: Dovecot Web site
NEWS

Source: CONFIRM
Type: UNKNOWN
http://dovecot.org/doc/NEWS

Source: MLIST
Type: UNKNOWN
[dovecot-cvs] 20070330 dovecot/src/lib-storage/index/mbox mbox-storage.c, 1.145.2.14, 1.145.2.15

Source: CCN
Type: Dovecot-news Mailing List, Fri Mar 30 17:46:29 EEST 2007
Security hole #3: zlib plugin allows opening any gziped mboxes

Source: MLIST
Type: UNKNOWN
[dovecot-news] 20070330 Security hole #3: zlib plugin allows opening any gziped mboxes

Source: CCN
Type: RHSA-2008-0297
Low: dovecot security and bug fix update

Source: SECUNIA
Type: UNKNOWN
25072

Source: SECUNIA
Type: UNKNOWN
30342

Source: DEBIAN
Type: UNKNOWN
DSA-1359

Source: DEBIAN
Type: DSA-1359
dovecot -- directory traversal

Source: SUSE
Type: UNKNOWN
SUSE-SR:2007:008

Source: REDHAT
Type: UNKNOWN
RHSA-2008:0297

Source: BUGTRAQ
Type: UNKNOWN
20070418 rPSA-2007-0074-1 dovecot

Source: BID
Type: UNKNOWN
23552

Source: CCN
Type: BID-23552
Dovecot Zlib Plugin Remote Information Disclosure Vulnerability

Source: CCN
Type: USN-487-1
Dovecot vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-487-1

Source: VUPEN
Type: UNKNOWN
ADV-2007-1452

Source: XF
Type: UNKNOWN
dovecot-mboxstorage-directory-traversal(34082)

Source: XF
Type: UNKNOWN
dovecot-mboxstorage-directory-traversal(34082)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10995

Vulnerable Configuration:

Configuration 1:

cpe:/a:dovecot:dovecot:1.0.beta1:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta2:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta3:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta4:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta5:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta6:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta7:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta8:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.beta9:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc1:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc2:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc3:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc4:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc5:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc6:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc7:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc8:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc9:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc10:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc11:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc12:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc13:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc14:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc15:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc16:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc17:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc18:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc19:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc20:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc21:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc22:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc23:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc24:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc25:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc26:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc27:*:*:*:*:*:*:*

OR cpe:/a:dovecot:dovecot:1.0.rc28:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20072231	V	CVE-2007-2231	2015-11-16
oval:org.mitre.oval:def:20207	P	DSA-1359-1 dovecot - directory traversal	2014-06-23
oval:org.mitre.oval:def:22086	P	ELSA-2008:0297: dovecot security and bug fix update (Low)	2014-05-26
oval:org.mitre.oval:def:10995	V	Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.	2013-04-29
oval:com.redhat.rhsa:def:20080297	P	RHSA-2008:0297: dovecot security and bug fix update (Low)	2008-05-21

BACK