{"id":"CVE-2011-2167","details":"script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.","modified":"2026-04-10T03:41:49.044194Z","published":"2011-05-24T23:55:04Z","references":[{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0520.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/52311"},{"type":"FIX","url":"http://dovecot.org/pipermail/dovecot/2011-May/059085.html"},{"type":"FIX","url":"http://openwall.com/lists/oss-security/2011/05/18/4"},{"type":"WEB","url":"http://www.dovecot.org/doc/NEWS-2.0"},{"type":"WEB","url":"http://www.securityfocus.com/bid/48003"},{"type":"WEB","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/67674"}],"schema_version":"1.7.5"}