FreeBSD : dovecot-managesieve -- Script Name Directory Traversal Vulnerability (3efc106e-c451-11dd-a721-0030843d3802)

Medium Nessus Plugin ID 35053


The remote FreeBSD host is missing one or more security-related updates.


Secunia reports:

The security issue is caused due to an input validation error when processing script names. This can be exploited to read or modify arbitrary files having '.sieve' extensions via directory traversal attacks, with the privileges of the attacker's user id.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 35053

File Name: freebsd_pkg_3efc106ec45111dda7210030843d3802.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2008/12/08

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:dovecot-managesieve, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2008/12/07

Vulnerability Publication Date: 2008/11/18

Reference Information

CVE: CVE-2008-5301

CWE: 22