Bill Boebel

**Name of the Vulnerable Software and Affected Versions** Dovecot versions 1.0 beta through 1.0 **Description** A directory traversal issue allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the LIST or DELETE IMAP command. **Recommendations** For Dovecot versions 1.0 beta through 1.0, consider restricting access to the LIST and DELETE IMAP commands until a patch is available. As a temporary workaround, restrict the use of ".." sequences in these commands to minimize the risk of exploitation.