Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Xen kernel loader vulnerability
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Xen kernel loader vulnerability

rm_rm_ IPv6 Advocate, Veteran
edited June 2013 in General

http://www.openwall.com/lists/oss-security/2013/06/20/4

A malicious PV domain administrator who can specify their own kernel

can escalate their privilege to that of the domain construction tools
(i.e., normally, to control of the host).

So one can boot a specially crafted kernel inside a VPS, and gain control of the host node.

Looks like these days you can't trust anything - OpenVZ, Solus, now Xen. Makes me want to cancel all my remaining VPSes and just move everything to dedis.

Comments

  • Just use KVM.

  • marcmmarcm Member

    wtf, is this security month or something?!

  • MaouniqueMaounique Host Rep, Veteran

    Vacation.

  • bcrlsnbcrlsn Member

    @rm_ - I've moved nearly completely to Dedis.

  • flyfly Member

    not really sure how this would apply to solusvm hosts, as you would need to run your own kernel for this CVE to be relevant.

  • rm_rm_ IPv6 Advocate, Veteran
    edited June 2013

    not really sure how this would apply to solusvm hosts, as you would need to run your own kernel for this CVE to be relevant.

    I don't think you understood what this is about in the first place. Customers of "solusvm hosts" do in fact run their own kernels inside their VPSes. If one of them uses a kernel that is specifically malformed to trigger the bug and exploit the vulnerability, voila, they can root the host node.

  • @fly said:
    not really sure how this would apply to solusvm hosts, as you would need to run your own kernel for this CVE to be relevant.

    This applies to all Xen PV hosts, even Linode...

  • It's almost like linux is saying "DONG Bring out your dead". There's the proc vuln in the Linux Kernel, there's an elf exploit in the Linux Xen project (although I'd imagine that has something to do more with the dom0 kernel than with the xen.gz).

  • dnwkdnwk Member

    well, even dedis, some one can walk up to your machine and ....

  • rm_rm_ IPv6 Advocate, Veteran

    even dedis, some one can walk up to your machine

    Yeah, "some one" in a guarded facility, vs anyone who happened to pay $3 or whatever to the same provider.

  • rds100rds100 Member

    @dnwk said:
    well, even dedis, some one can walk up to your machine and ....

    Don't even need to walk. OVH's control panel got hacked, Hetzner's control panel got hacked...

  • dnwkdnwk Member

    @Jack said:
    Well we need to host everything in The Clouds don't we...

    Do you mean the real "cloud"?

  • dnwkdnwk Member

    @rm_ said:
    Yeah, "some one" in a guarded facility, vs anyone who happened to pay $3 or whatever to the same provider.

    Check rds100's post

  • dnwkdnwk Member
    edited June 2013

    @Jack said:
    dnwk yea

    What can the "real cloud" do, besides rain

  • dnwkdnwk Member

    @Jack said:
    Snow

    Let it snow!

  • I hear that The Cloud is quite comfortable to sleep on too.

  • anyNodeanyNode Member, Host Rep

    @Jack said:
    Snow

    Don't forget hail

Sign In or Register to comment.