Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


CVE-2014-9322 privilege escalation
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

CVE-2014-9322 privilege escalation

It seems no threads mentioned CVE-2014-9322 yet.

on shared kernel, atleast openvz/parallels, it will cause privilege escalation from the guest container.

Comments

  • I'm sure there was a thread the other morning about this?

  • @krs360 said:
    I'm sure there was a thread the other morning about this?

    Yep... http://lowendtalk.com/discussion/39291/openvz-update

  • Tons of providers have not updated yet it seems, please do :)

  • thanks. i missed the thread alike one of providers around here.

  • linuxthefish said: Tons of providers have not updated yet it seems, please do :)

    If you have an OpenVZ VPS somewhere and see an older kernel, reboot your VPS and then check the kernel version again. You might be surprised that it is suddenly newer.

  • @linuxthefish said:
    Tons of providers have not updated yet it seems, please do :)

    You can always raise a ticket to remind them ;)

    @rds100 said:
    have an OpenVZ VPS somewhere and see an older kernel, reboot your VPS and then check the kernel version again. You might be surprised that it is suddenly newer

    This.

    A large number of providers pause/suspend VM's rather than a full shutdown/reboot of them.

  • coolicecoolice Member
    edited December 2014

    @linuxthefish said:
    Tons of providers have not updated yet it seems, please do :)

    If they use kernel care you will see it as old version but it actually patched with latest bug fixes just not shown publicly

    just this time we used to wait a bit more than I'm confortable to

    /usr/bin/kcarectl --info 
    kpatch-state: patch is applied
    kpatch-for: Linux version 2.6.32-042stab093.4 (root@kbuild-rh6-x64) (gcc version 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) ) #1 SMP Mon Aug 11 18:47:39 MSK 2014
    kpatch-build-time: Thu Dec 18 15:17:19 2014
    kpatch-description: 13;2.6.32-042stab094.8+
    
    
  • rds100 said: If you have an OpenVZ VPS somewhere and see an older kernel, reboot your VPS and then check the kernel version again. You might be surprised that it is suddenly newer.

    Yeah I tried :(

    root@s1:~# uptime
    10:37:56 up 0 min, 1 user, load average: 0.00, 0.00, 0.00
    root@s1:~# uname -a
    Linux s1 2.6.32-042stab090.5 #1 SMP Sat Jun 21 00:15:09 MSK 2014 i686 GNU/Linux

Sign In or Register to comment.