lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <deaeba22-23df-9370-5f28-368e959e5731@securify.nl>
Date: Wed, 5 Jul 2017 19:21:24 +0200
From: "Securify B.V. via Fulldisclosure" <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org
Subject: [FD] Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP)
 and Automator

------------------------------------------------------------------------
Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and
Automator
------------------------------------------------------------------------
Sipke Mellema, July 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Virtuozzo Power Panel is a solution that allows customers of service
providers to manage their virtual environments. Virtuozzo Automator is
an administrative tool for managing the service provider's virtual
infrastructure. Both products are affected by a buffer over-read
vulnerability that allows attackers to read random server memory.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was tested on Virtuozzo Power Panel version 6.1.2.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
A fix for this issue is included in the following software versions:
- Virtuozzo Power Panel 6.1.2-hotfix5
- Virtuozzo Automator 6.1.2-hotfix5 and 7.0.2-hotfix1

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170701/buffer-over-read-vulnerability-in-virtuozzo-power-panel-_vzpp_-and-automator.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ