Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a … (dot dot) sequence in the mailbox name.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | dovecot | < 1.0.rc29-1 | dovecot_1.0.rc29-1_all.deb |
Debian | 11 | all | dovecot | < 1.0.rc29-1 | dovecot_1.0.rc29-1_all.deb |
Debian | 10 | all | dovecot | < 1.0.rc29-1 | dovecot_1.0.rc29-1_all.deb |
Debian | 999 | all | dovecot | < 1.0.rc29-1 | dovecot_1.0.rc29-1_all.deb |
Debian | 13 | all | dovecot | < 1.0.rc29-1 | dovecot_1.0.rc29-1_all.deb |