PT-2006-3375 · Dovecot · Dovecot

Bill Boebel +1 · Published 2006-05-16 · Updated 2018-10-18 · CVE-2006-2414

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Dovecot versions 1.0 beta through 1.0

Description

A directory traversal issue allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the LIST or DELETE IMAP command.

Recommendations

For Dovecot versions 1.0 beta through 1.0, consider restricting access to the LIST and DELETE IMAP commands until a patch is available. As a temporary workaround, restrict the use of ".." sequences in these commands to minimize the risk of exploitation.

Related Identifiers

CVE-2006-2414
DSA-1080-1

Affected Products

Dovecot