Vulnerability Name:

CVE-2011-2167 (CCN-67674)

Assigned:2011-05-11
Published:2011-05-11
Updated:2017-08-29
Summary:script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N)
3.0 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
3.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N)
2.6 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2011-2167

Source: CCN
Type: Dovecot Web Site
[Dovecot] v2.0.13 released

Source: MLIST
Type: Patch
[dovecot] 20110511 v2.0.13 released

Source: MLIST
Type: Patch
[oss-security] 20110518 Dovecot releases

Source: CCN
Type: RHSA-2013-0520
Low: dovecot security and bug fix update

Source: REDHAT
Type: UNKNOWN
RHSA-2013:0520

Source: SECUNIA
Type: UNKNOWN
52311

Source: CONFIRM
Type: UNKNOWN
http://www.dovecot.org/doc/NEWS-2.0

Source: CCN
Type: OSVDB ID: 74515
Dovecot script-login chroot Configuration Setting Traversal Arbitrary File Access

Source: BID
Type: UNKNOWN
48003

Source: CCN
Type: BID-48003
Dovecot 'script-login' Multiple Security Bypass Vulnerabilities

Source: XF
Type: UNKNOWN
dovecot-scriptlogin-dir-traversal(67674)

Source: XF
Type: UNKNOWN
dovecot-scriptlogin-dir-traversal(67674)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dovecot:dovecot:2.0.0:-:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.10:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.11:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:6::server:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:6::workstation:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:dovecot:dovecot:2.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:dovecot:dovecot:2.0.12:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux:6:*:server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:6:*:workstation:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:27675
    P
    		ELSA-2013-0520 -- dovecot security and bug fix update (low)
    2014-12-15
    oval:org.mitre.oval:def:27001
    P
    		RHSA-2013:0520 -- dovecot security and bug fix update (Low)
    2014-12-08
    oval:com.redhat.rhsa:def:20130520
    P
    		RHSA-2013:0520: dovecot security and bug fix update (Low)
    2013-02-21
    BACK
    dovecot dovecot 2.0.0
    dovecot dovecot 2.0.1
    dovecot dovecot 2.0.2
    dovecot dovecot 2.0.3
    dovecot dovecot 2.0.4
    dovecot dovecot 2.0.5
    dovecot dovecot 2.0.6
    dovecot dovecot 2.0.7
    dovecot dovecot 2.0.8
    dovecot dovecot 2.0.9
    dovecot dovecot 2.0.10
    dovecot dovecot 2.0.11
    dovecot dovecot 2.0.12
    dovecot dovecot 2.0 beta1
    dovecot dovecot 2.0.1
    dovecot dovecot 2.0.2
    dovecot dovecot 2.0.3
    dovecot dovecot 2.0.4
    dovecot dovecot 2.0.5
    dovecot dovecot 2.0.12
    redhat enterprise linux 6
    redhat enterprise linux 6