CVE-2007-2231

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 1.0.rc29

Description The issue allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name when the zlib plugin is used.

Recommendations For versions prior to 1.0.rc29, update to version 1.0.rc29 or later to resolve the issue. As a temporary workaround, consider disabling the zlib plugin until a patch is available. Restrict access to sensitive mailboxes to minimize the risk of exploitation.