Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 May 2012 13:41:13 +0100
From: Steve Kemp <>
Subject: CVE request: Bytemark Symbiosis

  Symbiosis is an easy to use collection of tools, utilities,
 and configuration files for mass hosting virtual domains
 using Apache, Exim4, Dovecot, PureFTPD, and several other

  The code behind the system is freely available, and it
 is widely used by at least one hosting company.  The code
 itself is available, along with documentation, here:

  Unfortunately releases between these two mercurial
 identifiers contained a significant flaw:

  mercurial ID:   1068
  date:        Wed Feb 01 11:49:57 2012 +0000


  changeset:   1326
  date:        Thu May 10 08:35:13 2012 +0100

  IMAP/POP3/SMTP authentication would accept any password
 for any valid email account.  (Logins are of the form

  This was fixed with the following commit:

  Please could a CVE identifier be allocated such that we
 may use it in our documentation.

Debian GNU/Linux System Administration

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.