oss-security - CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads to Remote Command Execution"

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAD6CYKNeeF7ODUMLXqDf_GrbPgRvBX7d01JChvyqh9_r_GCYWw@mail.gmail.com>
Date: Mon, 29 Jul 2013 09:48:39 +0200
From: Alexandre Dulaunoy <a@....be>
To: oss-security@...ts.openwall.com
Subject: CVE missing? for "Exim with Dovecot: Typical Misconfiguration Leads
 to Remote Command Execution"

Hi All,

I couldn't find the CVE number for the following vulnerability/misconfiguration:

https://www.redteam-pentesting.de/en/advisories/rt-sa-2013-001/-exim-with-dovecot-typical-misconfiguration-leads-to-remote-command-execution

Is there a CVE assigned for this combo vulnerability in Exim/Dovecot?
or as this is a configuration matter there is no CVE assigned (even if
this "recommended configuration" was in the wiki of the vendor)?

Thanks for any feedback,

Cheers

-- 
--                   Alexandre Dulaunoy (adulau) -- http://www.foo.be/
--                             http://www.foo.be/cgi-bin/wiki.pl/Diary
--         "Knowledge can create problems, it is not through ignorance
--                                that we can solve them" Isaac Asimov

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.