A weakness has been reported in Dovecot, which can be exploited by malicious users to gain knowledge of potentially sensitive information.
The weakness is caused due to an input validation error in the LIST command of the IMAP service. This can be exploited by an authenticated user to list the contents of the parent directory hence disclosing the names of other users' mailboxes.
Solution: The weakness has been fixed in version 1.0 beta8.
Provided and/or discovered by: Reported by the vendor.
Original Advisory: http://www.dovecot.org/list/dovecot-news/2006-May/000006.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org