Lucene search

Ubuntu.comUB:CVE-2008-5301

HistoryDec 01, 2008 - 12:00 a.m.

CVE-2008-5301

2008-12-0100:00:00

ubuntu.com

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

JSON

Directory traversal vulnerability in the ManageSieve implementation in
Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify
arbitrary .sieve files via a “…” (dot dot) in a script name.

Bugs

Notes

Author	Note
mdeslaur	ManageSieve is only present as a patch in Intrepid+

OSVersionArchitecturePackageVersionFilename
ubuntu8.10noarchdovecot< 1:1.1.4-0ubuntu1.3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.10	noarch	dovecot	< 1:1.1.4-0ubuntu1.3	UNKNOWN

References

dovecot.org/list/dovecot/2008-November/035259.html

launchpad.net/bugs/cve/CVE-2008-5301

nvd.nist.gov/vuln/detail/CVE-2008-5301

security-tracker.debian.org/tracker/CVE-2008-5301

ubuntu.com/security/notices/USN-838-1

www.cve.org/CVERecord?id=CVE-2008-5301

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

77.5%

JSON

Related for UB:CVE-2008-5301