lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 7 Sep 2005 12:42:38 -0000
From: maxim@...ureol.com
To: bugtraq@...urityfocus.com
Subject: Vulnerability In SecureOL VE2 v1.05.1008


Introduction:

VE2 provides two separate virtual environments (Secured and Public(
To ensure corporate security and to provide secured and free access to 
the WEB while protecting the enterprise.

Summary:
Windows 16-bit execution support allows direct access to physical 
memory through \\PhysicalMemory device (which is actually a section) for
legacy NTVDM and Virtual Real Mode of the processor, accessing physical
memory from Public Environment provides direct bridge to Secured
Environment processes memory.
 
Proof of concept:
http://cybermessageboard.xeran.com/secureol/viewtopic.php?t=26

 Vulnerability submitted by Joe Stewart,
 22.08.05

 Patch Released:
23.08.05  - VE2 v1.05.1009

The information has been provided by Maxim Vainstein: maxim@...ureol.com

For more information: http://www.secureol.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ