Date: Tue, 13 Feb 2018 20:39:25 +0000 From: VMware Security Response Center <security@...are.com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> CC: VMware Security Response Center <security@...are.com> Subject: Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952) VMware Xenon contains an authentication bypass vulnerability (CVE-2017-4952) due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure. Fixes/References -------------- master: https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977 1.5.4-CR7_1: https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713 1.5.7_7: https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592 1.5.4-CR6_2: https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8 1.3.7-CR1_2: https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75 1.1.0-CR0-3: https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c 1.1.0-CR3_1: https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1 1.4.2-CR4_1: https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3 1.5.4_8: https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3 We would like to thank George Chrysanthakopoulos of for reporting this issue. -------------- Edward Hawkins Senior Program Manager, Security Response security@...are.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.