Virtuozzo Power Panel (VZPP) 6.1.2 Buffer Over-Read

Published: 2017.07.07
Credit: Sipke Mellema
Risk: High
CWE: CWE-119
CVE: N/A
Local: Yes
Remote: No

------------------------------------------------------------------------
Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator
------------------------------------------------------------------------
Sipke Mellema, July 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Virtuozzo Power Panel is a solution that allows customers of service
providers to manage their virtual environments. Virtuozzo Automator is
an administrative tool for managing the service provider's virtual
infrastructure. Both products are affected by a buffer over-read
vulnerability that allows attackers to read random server memory.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was tested on Virtuozzo Power Panel version 6.1.2.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
A fix for this issue is included in the following software versions:
- Virtuozzo Power Panel 6.1.2-hotfix5
- Virtuozzo Automator 6.1.2-hotfix5 and 7.0.2-hotfix1

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170701/buffer-over-read-vulnerability-in-virtuozzo-power-panel-_vzpp_-and-automator.html



Copyright 2017, cxsecurity.com