Date: Mon, 14 May 2012 13:41:13 +0100 From: Steve Kemp <steve@...ve.org.uk> To: oss-security@...ts.openwall.com Subject: CVE request: Bytemark Symbiosis Symbiosis is an easy to use collection of tools, utilities, and configuration files for mass hosting virtual domains using Apache, Exim4, Dovecot, PureFTPD, and several other daemons. The code behind the system is freely available, and it is widely used by at least one hosting company. The code itself is available, along with documentation, here: http://symbiosis.bytemark.co.uk/ Unfortunately releases between these two mercurial identifiers contained a significant flaw: mercurial ID: 1068 date: Wed Feb 01 11:49:57 2012 +0000 And changeset: 1326 date: Thu May 10 08:35:13 2012 +0100 IMAP/POP3/SMTP authentication would accept any password for any valid email account. (Logins are of the form $user@...main.) This was fixed with the following commit: https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322 Please could a CVE identifier be allocated such that we may use it in our documentation. Steve -- Debian GNU/Linux System Administration http://www.debian-administration.org/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.