Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and Automator

["Securify B.V. via Fulldisclosure" <fulldisclosure () seclists org>]

------------------------------------------------------------------------
Buffer over-read vulnerability in Virtuozzo Power Panel (VZPP) and
Automator
------------------------------------------------------------------------
Sipke Mellema, July 2017

------------------------------------------------------------------------
Abstract
------------------------------------------------------------------------
Virtuozzo Power Panel is a solution that allows customers of service
providers to manage their virtual environments. Virtuozzo Automator is
an administrative tool for managing the service provider's virtual
infrastructure. Both products are affected by a buffer over-read
vulnerability that allows attackers to read random server memory.

------------------------------------------------------------------------
Tested versions
------------------------------------------------------------------------
This issue was tested on Virtuozzo Power Panel version 6.1.2.

------------------------------------------------------------------------
Fix
------------------------------------------------------------------------
A fix for this issue is included in the following software versions:
- Virtuozzo Power Panel 6.1.2-hotfix5
- Virtuozzo Automator 6.1.2-hotfix5 and 7.0.2-hotfix1

------------------------------------------------------------------------
Details
------------------------------------------------------------------------
https://www.securify.nl/advisory/SFY20170701/buffer-over-read-vulnerability-in-virtuozzo-power-panel-_vzpp_-and-automator.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/