PT-2006-1847 · Macallan · Macallan Mail Solution

Published: 2006-02-19 · Updated: 2017-07-20 · CVE-2006-0798

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Macallan Mail Solution versions prior to 4.8.05.004

Description

The issue allows remote authenticated users to perform unauthorized actions, such as reading e-mails of other users or creating, modifying, or deleting directories, by exploiting directory traversal vulnerabilities in the IMAP service. This is achieved by including a .. (dot dot) in the argument to certain commands.

Recommendations

For versions prior to 4.8.05.004, update to version 4.8.05.004 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMAP service or limiting the use of the CREATE, SELECT, DELETE, and RENAME commands until the update is applied.
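
While the update is pending, IMAP command logs can be reviewed for the pattern described above. The following is an added example, not code from the vendor or from this advisory: it assumes the log holds raw client command lines ("tag COMMAND args"), and it treats a ".." path segment split on "/" or "\" as the indicator. The function names and sample lines are constructed for illustration.

```python
import re

# Commands named in the advisory's workaround.
MAILBOX_COMMANDS = {"CREATE", "SELECT", "DELETE", "RENAME"}
# One IMAP argument: a quoted string (with backslash escapes) or a bare atom.
ARG = re.compile(r'"((?:[^"\\]|\\.)*)"|(\S+)')

def mailbox_args(line):
    """Return (command, [mailbox names]) for a mailbox command line, else None."""
    parts = line.strip().split(None, 2)
    if len(parts) < 3 or parts[1].upper() not in MAILBOX_COMMANDS:
        return None
    names = []
    for m in ARG.finditer(parts[2]):
        if m.group(1) is not None:
            # Quoted string: undo IMAP backslash escaping before inspecting it.
            names.append(re.sub(r"\\(.)", r"\1", m.group(1)))
        else:
            names.append(m.group(2))
    return parts[1].upper(), names

def has_dotdot_segment(name):
    """True if any path segment of the mailbox name is exactly '..'.
    Assumption: '/' and '\\' are both treated as separators."""
    return ".." in re.split(r"[\\/]", name)

def flag_lines(lines):
    """Return (command, names) for every line with a '..' mailbox segment."""
    hits = []
    for line in lines:
        parsed = mailbox_args(line)
        if parsed and any(has_dotdot_segment(n) for n in parsed[1]):
            hits.append(parsed)
    return hits

# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    'a001 SELECT INBOX',
    'a002 CREATE "Projects/2006"',
    'a003 SELECT "../user2/INBOX"',
    'a004 RENAME Drafts "..\\\\archive"',
    'a005 LIST "" "*"',
    'a006 DELETE notes..old',
]

if __name__ == "__main__":
    for command, names in flag_lines(SAMPLE):
        print(command, names)
```

A name such as notes..old is not flagged because ".." is not a whole segment there; tighten or loosen has_dotdot_segment to match the mailbox naming the server actually uses.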

Related Identifiers

CVE-2006-0798

Affected Products

Macallan Mail Solution