Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 13 Feb 2018 20:39:25 +0000
From: VMware Security Response Center <security@...are.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>
CC: VMware Security Response Center <security@...are.com>
Subject: Authentication Bypass Vulnerability in VMware Xenon (CVE-2017-4952)

VMware Xenon contains an authentication bypass vulnerability (CVE-2017-4952) due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.
Fixes/References
--------------
master: https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977
1.5.4-CR7_1: https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713
1.5.7_7: https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592
1.5.4-CR6_2: https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8
1.3.7-CR1_2: https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75
1.1.0-CR0-3: https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c
1.1.0-CR3_1: https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1
1.4.2-CR4_1: https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3
1.5.4_8: https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3
We would like to thank George Chrysanthakopoulos of for reporting this issue.

--------------
Edward Hawkins
Senior Program Manager, Security Response
security@...are.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.