CVE-2006-2308

Name of the Vulnerable Software and Affected Versions EServ/3 version 3.25

Description A directory traversal issue in the IMAP service allows remote authenticated users to access other users' email messages, create or rename arbitrary directories on the system, and delete empty directories. This can be achieved by using directory traversal sequences in various commands, including the CREATE, SELECT, DELETE, RENAME, COPY, and APPEND commands.

Recommendations For EServ/3 version 3.25, consider restricting access to the IMAP service until a fix is available, and limit the use of the CREATE, SELECT, DELETE, RENAME, COPY, and APPEND commands to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.