CVE-2011-2167

Dovecot 2.0.x <2.0.13 - Path Traversal

Description

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

References (7)

Core References
Various Sources x_refsource_confirm
http://www.dovecot.org/doc/NEWS-2.0
Patch mailing-list x_refsource_mlist
http://dovecot.org/pipermail/dovecot/2011-May/059085.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0520.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52311
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48003
Patch mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/05/18/4
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/67674

Scores

EPSS 0.0221
EPSS Percentile 80.4%

Details

CWE
CWE-22
Status published
Products (13)
dovecot/dovecot 2.0.0
dovecot/dovecot 2.0.1
dovecot/dovecot 2.0.2
dovecot/dovecot 2.0.3
dovecot/dovecot 2.0.4
dovecot/dovecot 2.0.5
dovecot/dovecot 2.0.6
dovecot/dovecot 2.0.7
dovecot/dovecot 2.0.8
dovecot/dovecot 2.0.9
... and 3 more
Published May 24, 2011
Tracked Since Feb 18, 2026