FreeBSD : dovecot-managesieve -- Script Name Directory Traversal Vulnerability (3efc106e-c451-11dd-a721-0030843d3802)

This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Secunia reports :

The security issue is caused due to an input validation error when
processing script names. This can be exploited to read or modify
arbitrary files having '.sieve' extensions via directory traversal
attacks, with the privileges of the attacker's user id.

See also :

http://www.vupen.com/english/advisories/2008/3190
http://secunia.com/Advisories/32768/
http://dovecot.org/list/dovecot/2008-November/035259.html
http://www.nessus.org/u?36c37b88

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35053 (freebsd_pkg_3efc106ec45111dda7210030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-5301
