oss-sec mailing list archives
Request for CVE: Bytemark Symbiosis
From: Patrick J Cherry <patrick () bytemark co uk>
Date: Fri, 06 Jun 2014 11:22:15 +0100

Symbiosis is an easy to use collection of tools, utilities, and configuration files for mass hosting virtual domains using Apache, Exim, Dovecot, PureFTPD, and several other daemons. The code behind the system is freely available, and it is widely used by at least one hosting company.

The code itself is available, along with documentation, here:

http://symbiosis.bytemark.co.uk/

Unfortunately releases between these two Mercurial identifiers contained a significant flaw:

changeset: cbb56af035bb
date: Thu Jun 05 18:54:22 2014 +0100

changeset: 99e920baf1f7
date: Tue Jul 07 15:27:26 2009 +0100

Attackers could arbitrarily blacklist individual IP addresses in the firewall using specially crafted usernames, providing a vector for denial of service attacks.

This flaw was fixed with the following commit:

https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev_to=733b0e33f60b&rev=cbb56af035bb

Please could a CVE identifier be allocated such that we may use it in our documentation.

Thanks

--
Patrick J Cherry
Director of operations
http://www.bytemark.co.uk/
Bytemark Hosting
tel: +44 (0) 1904 890 890