oss-sec mailing list archives
Re: CVE request: Bytemark Symbiosis
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 14 May 2012 12:44:14 -0600
On 05/14/2012 06:41 AM, Steve Kemp wrote:
> Symbiosis is an easy to use collection of tools, utilities, and configuration files for mass hosting virtual domains using Apache, Exim4, Dovecot, PureFTPD, and several other daemons.
>
> The code behind the system is freely available, and it is widely used by at least one hosting company. The code itself is available, along with documentation, here:
>
> http://symbiosis.bytemark.co.uk/
>
> Unfortunately releases between these two mercurial identifiers contained a significant flaw:
>
> mercurial ID: 1068
> date: Wed Feb 01 11:49:57 2012 +0000
>
> And
>
> changeset: 1326
> date: Thu May 10 08:35:13 2012 +0100
>
> IMAP/POP3/SMTP authentication would accept any password for any valid email account. (Logins are of the form $user@$domain.)
>
> This was fixed with the following commit:
>
> https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322
>
> Please could a CVE identifier be allocated such that we may use it in our documentation.

Please use CVE-2012-2368 for this issue.

> Steve
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993