OpenVZ/Kernel Exploit CVE-2013-2224

reflex

Jul 2, 2013
Hi, just wanted to point your attention to a recent exploit that can kill the entire node from within an OpenVZ container (works on Proxmox - tested!).

Details at: http://www.webhostingtalk.com/showthread.php?t=1280486
Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=979936
(not posting exploit code, but not too hard to find)

There are new RH & OpenVZ kernels, could that get applied to the pve kernels/source please?

Or am I missing something and that is already discussed elsewhere?

Thank you,
-andre
 

Thanks for the information!
 
We just uploaded a new kernel with the fix to our pvetest repo.

- pve-kernel-2.6.32 (2.6.32-105)
  • update to vzkernel-2.6.32-042stab078.27.src.rpm (fix CVE-2013-2224)
If you just want this kernel (and are not switching to pvetest), you can download and install the kernel and firmware manually:

Code:
wget http://download.proxmox.com/debian/dists/wheezy/pvetest/binary-amd64/pve-firmware_1.0-23_all.deb http://download.proxmox.com/debian/dists/wheezy/pvetest/binary-amd64/pve-kernel-2.6.32-21-pve_2.6.32-105_amd64.deb
 
dpkg -i pve-firmware_1.0-23_all.deb pve-kernel-2.6.32-21-pve_2.6.32-105_amd64.deb

To activate, reboot.

Note, this is for Proxmox VE 3.x only. Pls test.
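
A way to confirm that a node is actually running a fixed kernel after the install and reboot described above. This is an added example, not part of the original posts and not Proxmox code. It assumes `pveversion -v` prints `running kernel: <abi>` and `pve-kernel-<abi>: <version>` lines; the function names are hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Fixed build taken from the post above: pve-kernel-2.6.32 (2.6.32-105).
FIXED_VERSION="2.6.32-105"

# version_ge A B: succeeds when A >= B. Uses GNU `sort -V`, an approximation
# of Debian version ordering that is adequate for these version strings.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_pveversion: reads `pveversion -v` style text on stdin and prints
#   PATCHED <abi> <ver>     package of the RUNNING kernel is at or past the fix
#   VULNERABLE <abi> <ver>  package of the RUNNING kernel predates the fix
#   UNKNOWN                 running kernel or its package line not found
# Limitation: if a package is upgraded in place under the same ABI name, the
# installed version is reported even before the reboot, so still reboot.
check_pveversion() {
    input=$(cat)
    abi=$(printf '%s\n' "$input" |
        awk -F': *' '$1 == "running kernel" {print $2; exit}')
    [ -n "$abi" ] || { echo UNKNOWN; return 2; }
    ver=$(printf '%s\n' "$input" |
        awk -F': *' -v p="pve-kernel-$abi" '$1 == p {print $2; exit}')
    [ -n "$ver" ] || { echo UNKNOWN; return 2; }
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "PATCHED $abi $ver"
    else
        echo "VULNERABLE $abi $ver"
        return 1
    fi
}

# Constructed sample: fixed package installed, node not yet rebooted into it.
SAMPLE='running kernel: 2.6.32-20-pve
pve-kernel-2.6.32-20-pve: 2.6.32-100
pve-kernel-2.6.32-21-pve: 2.6.32-105'
printf '%s\n' "$SAMPLE" | check_pveversion || true

# On a real node: pveversion -v | check_pveversion
```

The constructed sample reports the node as vulnerable even though the fixed package is installed, because the running kernel is still the old one.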
 
Is this fix included in 3.1?