Date: Fri, 06 Jun 2014 11:22:15 +0100
From: Patrick J Cherry <patrick@...emark.co.uk>
To: oss-security@...ts.openwall.com
Subject: Request for CVE: Bytemark Symbiosis

Symbiosis is an easy to use collection of tools, utilities, and
configuration files for mass hosting virtual domains using Apache, Exim,
Dovecot, PureFTPD, and several other daemons.

The code behind the system is freely available, and it is widely used by
at least one hosting company.

The code itself is available, along with documentation, here:

  http://symbiosis.bytemark.co.uk/

Unfortunately releases between these two mercurial identifiers contained
a significant flaw:

  changeset: cbb56af035bb
  date:      Thu Jun 05 18:54:22 2014 +0100

  changeset: 99e920baf1f7
  date:      Tue Jul 07 15:27:26 2009 +0100

Attackers could arbitrarily blacklist individual IP addresses in the
firewall using specially crafted usernames, providing a vector for
denial of service attacks.

This flaw was fixed with the following commit:

  https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev_to=733b0e33f60b&rev=cbb56af035bb

Please could a CVE identifier be allocated such that we may use it in
our documentation.

Thanks

--
Patrick J Cherry
Director of operations
http://www.bytemark.co.uk/
Bytemark Hosting
tel: +44 (0) 1904 890 890

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)