[PVE-User] SimFS (VZ / OpenVZ) Security Vulnerability - CVE-2014-3519

Daejuan Jacobs daejuan at gmail.com
Tue Jun 24 20:46:21 CEST 2014


I'm not sure how many people are aware of this. But there is a critical bug
in the RHEL6 2.6.3. The exploit will allow a malicious user to obtain any
file from another container.

https://openvz.org/Download/kernel/rhel6/042stab090.5
<http://hostingseclist.us3.list-manage1.com/track/click?u=722bc323a024d15a407baae81&id=4c8cc8b569&e=1888aec749>
http://kb.parallels.com/en/122142
<http://hostingseclist.us3.list-manage1.com/track/click?u=722bc323a024d15a407baae81&id=d62905f983&e=1888aec749>

I'm not sure which filesystem Proxmox uses as default.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://pve.proxmox.com/pipermail/pve-user/attachments/20140624/e1e7489e/attachment-0014.html>


More information about the pve-user mailing list