oss-sec mailing list archives
CVE request: Bytemark Symbiosis
From: Steve Kemp <steve () steve org uk>
Date: Mon, 14 May 2012 13:41:13 +0100

Symbiosis is an easy to use collection of tools, utilities,
and configuration files for mass hosting virtual domains
using Apache, Exim4, Dovecot, PureFTPD, and several other
daemons.

The code behind the system is freely available, and it
is widely used by at least one hosting company. The code
itself is available, along with documentation, here:

  http://symbiosis.bytemark.co.uk/

Unfortunately releases between these two mercurial
identifiers contained a significant flaw:

  mercurial ID: 1068
  date: Wed Feb 01 11:49:57 2012 +0000

And

  changeset: 1326
  date: Thu May 10 08:35:13 2012 +0100

IMAP/POP3/SMTP authentication would accept any password
for any valid email account. (Logins are of the form
$user@$domain.)

This was fixed with the following commit:

  https://projects.bytemark.co.uk/projects/symbiosis/repository/diff?rev=1327&rev_to=1322

Please could a CVE identifier be allocated such that we
may use it in our documentation.

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/
