Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Jun 2014 11:30:04 +0200
From: Damien Cauquil <d.cauquil@...dream.com>
To: oss-security@...ts.openwall.com
Subject: CVE request: Proxmox VE < 3.2 user enumeration vulnerability

Hi list,


We recently found a vulnerability affecting Proxmox VE < 3.2 that allows
an unauthenticated user to perform user enumeration. Vendor was
contacted and  the vulnerability fixed in Proxmox VE 3.2, released on
2014-03-10.


References:

* Proxmox related commits:
https://git.proxmox.com/?p=pve-access-control.git;a=commit;h=6126ab75a0837298427491ea64b9b2e1139c6ba6


We would like to request 1 CVE for this vulnerability.


-- 
Damien Cauquil
R&D Director
CHFI | CEH | ECSA | CEI

Sysdream
108 avenue Gabriel Péri
93400 Saint Ouen
Tel: +33 (0) 1 78 76 58 21
www.sysdream.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ