PublicDate: 2008-04-17 22:05:00 UTC
Candidate: CVE-2007-6714
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6714
Description:
 DBMail before 2.2.9, when using authldap with an LDAP server that supports
 anonymous login such as Active Directory, allows remote attackers to bypass
 authentication via an empty password, which causes the LDAP bind to
 indicate success based on anonymous authentication.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 


Patches_dbmail:
upstream_dbmail: released (2.2.9)
dapper_dbmail: ignored (reached end-of-life)
feisty_dbmail: needed (reached end-of-life)
gutsy_dbmail: needed (reached end-of-life)
hardy_dbmail: ignored (reached end-of-life)
intrepid_dbmail: not-affected (2.2.9-1ubuntu1)
jaunty_dbmail: not-affected (2.2.9-1ubuntu1)
karmic_dbmail: not-affected (2.2.9-1ubuntu1)
lucid_dbmail: not-affected (2.2.9-1ubuntu1)
maverick_dbmail: not-affected (2.2.9-1ubuntu1)
natty_dbmail: not-affected (2.2.9-1ubuntu1)
oneiric_dbmail: DNE
devel_dbmail: DNE