FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dovecot-managesieve -- Script Name Directory Traversal Vulnerability

Affected packages
dovecot-managesieve < 0.10.4
0.11.0 <= dovecot-managesieve < 0.11.1

Details

VuXML ID 3efc106e-c451-11dd-a721-0030843d3802
Discovery 2008-11-18
Entry 2008-12-07

Secunia reports:

The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having ".sieve" extensions via directory traversal attacks, with the privileges of the attacker's user id.
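An added example, not code from Dovecot, the ManageSieve patch, or the Secunia advisory: it shows how a client-supplied script name placed unchecked into a `<dir>/<name>.sieve` path escapes the script directory, next to a form that accepts only a single path component. The function names, the directory layout and the sample names are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define SCRIPT_EXT ".sieve"

/* Weak form: the client-supplied name goes into the path unchecked. */
static int naive_script_path(const char *dir, const char *name,
                             char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s%s", dir, name, SCRIPT_EXT);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* A script name must be exactly one path component. */
static int script_name_is_valid(const char *name)
{
    size_t len = strlen(name);

    if (len == 0 || len > 255 - strlen(SCRIPT_EXT))
        return 0;                      /* empty, or too long for a file name */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;                      /* defence in depth */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c < 0x20 || c == 0x7f)
            return 0;                  /* separator or control character */
    }
    return 1;
}

/* Hardened form: validate first, then build the same path. */
static int checked_script_path(const char *dir, const char *name,
                               char *out, size_t outlen)
{
    return script_name_is_valid(name)
        ? naive_script_path(dir, name, out, outlen) : -1;
}

int main(void)
{
    const char *dir = "/var/mail/alice/sieve";  /* constructed sample */
    const char *names[] = { "vacation", "../../bob/sieve/vacation", "a/b" };
    char path[512];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        naive_script_path(dir, names[i], path, sizeof path);
        printf("naive:   %s\n", path);
        printf("checked: %s\n", checked_script_path(dir, names[i], path,
               sizeof path) == 0 ? path : "(rejected)");
    }
    return 0;
}
```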

References

CVE Name CVE-2008-5301
URL http://dovecot.org/list/dovecot/2008-November/035259.html
URL http://secunia.com/Advisories/32768/
URL http://www.vupen.com/english/advisories/2008/3190