solusvm exploit?

fly Member
edited May 2012 in General

heard there was an exploit. but the greedy admins over at webhostingtalk are putting it behind the paywall known as "premium members forum".

anyone wanna tell the lowly folk?

Comments

  • laaev Member
    edited May 2012

    I'm a premium member...

    Don't see anything. Please send me the URL to the thread

    I know mr. backtogeek Anthony likes to make solusvm trash threads (over 3 so far from him on WHT), so it could be an old one he made that you are seeing.

  • William Member

    I don't see anything either, please send me the link also :)

  • jar Patron Provider, Top Host, Veteran

    I keep hearing little mentions of exploits but I've not seen anything credible. That wouldn't be speaking of WHT premium forum, just the places I lurk.

  • cosmicgate Member
    edited May 2012

    out of the topic but is it worth it to upgrade to premium membership on wht?

    anyone willing to lend me his account just to check out what's in the premium section?

  • Mon5t3r Member

    just another way for making an advertisement..

  • laaev Member
    edited May 2012

    @cosmicgate said: out of the topic but is it worth it to upgrade to premium membership on wht?

    No, there is only one premium member chat thread where people talk about random stuff, but the group there has gotten really lame lately.

    If you are a web host company though, corporate membership is $375 per 3 months and I would say that is worth it, @FTNChris has it and it has keyword alerts so you will get instant keyword notifications if anyone on WHT mentions your company name.

    But for premium, the only advantage you get is the fancy user title and access to a premium member chat thread where people talk about random stuff, all of the fun people no longer participate there and I like LET better ;) I might not renew my premium membership when it comes up for expiry in the next month or two.

    @cosmicgate said: anyone willing to lend me his account just to check out what's in the premium section?

    Account sharing is not allowed.

  • AnthonySmith Member, Patron Provider

    @FTN_Kevin take your head out of your arse please.

    Go and read the posts I made not the responses by the mindless zombies and see if you still think they are trash threads.

    They were made to inform and warn only as solusvm failed to communicate.

    I have no idea about any specific exploits, just a password weakness issue whereby if you don't manually update key bits of software and edit some configs and you run CentOS 5.x with SolusVM, your users' passwords are not sent to the VPS during install correctly as they fall back on DES during the pass off by the API.

    which means if your user chose this password: "fuftnkevin^^%A23//;'[---)()**&^jhgh"

    the VPS will allow root level login with the first 8 char only so that complex password becomes fuftnkev or any combination beyond 8 char.

    Given that I made this very public a LONG time ago and solusvm sent out a comm after that (but not a fix) you think it was me trashing them by posting a thread on how to fix it?

    If any hosts want to know how to patch up the issue let me know, although I expect (and hope) you have all done it already or noticed the changes in makepasswd in the later 5.x versions and fixed it anyway by default like a good little sysadmin.

    Afaik it affects xen and openvz not tested on kvm (yet)
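
An added example, not part of the thread and not SolusVM code: a Python audit that classifies each password field in a shadow-format file and lists the accounts stored with traditional DES crypt, the scheme the post above describes as honouring only the first 8 characters. The sample lines and hash values are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in /etc/shadow format; the hash values are placeholders.
SAMPLE_SHADOW = """\
root:abCdEfGhIjKlM:15460:0:99999:7:::
alice:$6$constructedsalt$constructedhashvalue:15460:0:99999:7:::
bob:$1$constructed$constructedhashvalue:15460:0:99999:7:::
daemon:*:15460:0:99999:7:::
carol:!!:15460:0:99999:7:::
"""

_B64 = "[./0-9A-Za-z]"
_DES = re.compile(f"^{_B64}{{13}}$")    # 2-char salt + 11-char hash, no "$" prefix
_BSDI = re.compile(f"^_{_B64}{{19}}$")  # BSDi extended DES
_PREFIXES = {"1": "md5", "5": "sha256", "6": "sha512", "y": "yescrypt",
             "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt"}

def classify(field):
    """Name the crypt(3) scheme of one shadow password field."""
    field = field.lstrip("!")            # a leading "!" only marks the account locked
    if field in ("", "*"):
        return "locked-or-empty"
    if field.startswith("$"):
        parts = field.split("$")
        return _PREFIXES.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if _DES.match(field):
        return "des"
    if _BSDI.match(field):
        return "bsdi-des"
    return "unknown"

def audit(shadow_text):
    """Return (user, scheme) pairs for every account line."""
    pairs = []
    for line in shadow_text.splitlines():
        if ":" not in line:
            continue
        user, field = line.split(":")[:2]
        pairs.append((user, classify(field)))
    return pairs

def des_accounts(shadow_text):
    """Accounts whose password is truncated to 8 characters by traditional DES."""
    return [user for user, scheme in audit(shadow_text) if scheme == "des"]

def des_effective_key(password):
    """Traditional DES crypt ignores everything after the 8th character."""
    return password[:8]

if __name__ == "__main__":
    print("DES-hashed accounts:", des_accounts(SAMPLE_SHADOW))
```

On a real guest, pass the contents of `/etc/shadow` (read as root) to `des_accounts`; any account it lists needs its password reset after the hashing configuration is corrected.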

  • It won't affect KVM since you can't set the root password from SolusVM :P

  • AnthonySmith Member, Patron Provider

    Well there you go then :)

  • fly Member

    Derek is a troll then.

  • miTgiB Member

    @kbar said: Derek is a troll then.

    You just figuring this out?

  • vld Member
    edited May 2012

    There was an exploit roaming around the web, but they fixed it (by mistake, afaik) in the latest versions. Also, according to some sources, there is one more solusvm vulnerability that hasn't been published yet.
    Here's 2 advisories (vulns now patched):
    http://safeornot.net/advisories/solusvm-01
    http://safeornot.net/advisories/solusvm-02

    Thanked by 1 djvdorp
  • raindog308 Administrator, Veteran

    @cosmicgate said: out of the topic but is it worth it to upgrade to premium membership on wht?

    Not really. I forget why I did but I doubt I will renew. You get to post ads in some areas more often, you get the user title, and women flock to you because you're VIP, but other than that...

    The premium member section, as I recall, allows you to browse topics, just not read threads, so you can see what's up.

  • FRCorey Member

    Maybe that's why Linode is sending alerts of an "Unpublished" exploit and they're migrating users off certain nodes. Meh.

  • rds100 Member

    @FRCorey Linode uses solusvm?

  • @rds100 said: @FRCorey Linode uses solusvm?

    Nah they don't.

  • laaev Member

    @AnthonySmith said: take your head out of your arse please.

    All I hear from you on WHT is "URGENT! MUST READ FOR HOSTERS! SOLUSVM ISSUE!"

    Seriously it gets old...

  • AnthonySmith Member, Patron Provider

    @FTN_Kevin

    I guess that just shows how completely ignorant you are then.

    Like I said, take your head out of your arse, you might just learn something.

    If a CP that many people use has issues would you rather everyone kept quiet...? actually your response answered that already, you would.. common sense is a god given gift and people like you show that the vast majority of people were not given it.

  • laaev Member
    edited May 2012

    @AnthonySmith

    Get off your high horse.

    I don't see you doing anything about it, all I hear is "SIGH SIGH SIGH SOLUSVM SUCKS" on WHT ... you're posting on WHT clearly for attention.

    If you truly wanted it resolved you would work with SolusVM directly and get it fixed.

  • Aldryic Member

    Bickering over actions on another forum is not worth your time, gentlemen.

  • jar Patron Provider, Top Host, Veteran

    Personally I'd take it to Solus before making it public. The only reason to do it that way is because they listened to you and haven't issued a fix, you have some sort of malicious intent, or for attention. As to which is true, I make no assumptions or implications.

  • AnthonySmith Member, Patron Provider
    edited May 2012

    @FTN_Kevin I can only come to the conclusion that you are wilfully ignorant, if you want to get in to quoting I am happy to do so, I have worked with solusvm directly, my original posts were simply warning other hosts about stability issues with TC I even posted a public apology to solusvm because idiots like you threw an informative thread way off track, and it was posted because my responses from solusvm were along the lines of "hmm that's odd"

    I can only assume you have the butt hurt because it was pointed out that you managed things poorly in another thread, being scared of KVM is not a good start to a new brand.

    And you sir are the one that needs to get off that high horse, you bought a budget host or 2 for peanuts and now you think you're the big man on campus, grow up and consider your responses.

    You clearly dragged up months and months old posts from another forum to get my attention, well done you got it and it will not be going away.

    I apologized to you in the past because you felt I was attacking you for telling the truth about your sloppy take over and misleading figures and your general attitude towards the minority of your customers because you don't know anything about KVM and probably not much about xen given your previous comments, however despite the fact you accepted you obviously still have issues with me and are trying to drag me down with half truths.

    Grow a pair and grow up.

    @Aldryic I thought this was handled via email but clearly Kevin thought otherwise and decided to have a jab, yes it has me angry and I don't really feel like letting it go at this point.

  • laaev Member
    edited May 2012

    @AnthonySmith I only brought it up as you are pretty much the only one crying on WHT about SolusVM issues, and I figured the OP could have been reading an older thread that you made about SolusVM considering you made well over 3 of them on WHT in the past few months or so, and that you are a premium member.

    I haven't really seen anyone else make similar threads, it was you who brought this LET thread off topic, insulting me etc.

  • AnthonySmith Member, Patron Provider

    @FTN_Kevin "I know mr. backtogeek Anthony likes to make solusvm trash threads"

    I think I have already covered that but feel free to cling on to it if it makes you feel better.

    You threw the first one, don't take the moral high ground please, you may not have seen people make similar threads, that does not mean other hosts should not be informed of issues with software.

    People have made a few threads about issues with WHMCS for obvious reasons lately I don't see how it is any different, they are just letting people know what is up when the vendors fail to communicate effectively.

  • aubs Member

    @FTN_Kevin said: ...If you are a web host company though, corporate membership is $375 per 3 months and I would say that is worth it, @FTNChris has it and it has keyword alerts so you will get instant keyword notifications if anyone on WHT mentions your company name.

    Isn't that what a Google Alert does, though I appreciate it isn't as real-time as a forum messaging you for update, but it does it for free for all publicly accessible sites (not just the site you pay for), and Google does seem to index forums pretty damn quickly!

  • laaev Member

    @AnthonySmith Your threads are SolusVM trash threads. Anyone who reads them, even for half a minute can easily attest for this.

    http://www.webhostingtalk.com/showthread.php?t=1118989

    I am going to quote just a few examples from this ONE thread, let's not forget you have 2-3 other threads too:

    "its hard to type this in a way that my frustrations will be felt so I am going to stick with....... SIGH!!!!!!!!!!!!!!!!"

    "Its fine to say that it is always safer not to update to the most recent release for a long period of time but that issue has now been present for around 5 releases some of the updates in between were security related so it was never an option."

    "SIGH................"

  • laaev Member

    @aubs said: Isn't that what a Google Alert does, though I appreciate it isn't as real-time as a forum messaging you for update, but it does it for free for all publicly accessible sites (not just the site you pay for), and Google does seem to index forums pretty damn quickly!

    I'll definitely look into Google Alert, however if someone mentions your company in a regular thread that doesn't have your company name in the title or tags I doubt it will catch on to it and index quickly.

  • Aldryic Member

    Can that go to PM, gents? Think of how it reflects upon your own companies; nobody wants their reputation tarnished for a few words said in anger.

    Thanked by 2 TheHackBox netomx
  • laaev Member
    edited May 2012

    @Aldryic said: Can that go to PM, gents? Think of how it reflects upon your own companies; nobody wants their reputation tarnished for a few words said in anger.

    This will be my last word regarding this matter, Anthony clearly fails to realize my point and is now personally attacking me and telling me to "remove my head from my arse" and other personal insults, completely unrelated with the original point I intended to mention.

  • AnthonySmith Member, Patron Provider

    @FTN_Kevin ok fair enough, I will just put this down to you being part of another point and click host with a chip on their shoulder about not being allowed to get away with posting half truths and attacking other hosts.

    I am not really prepared to take it to PM @Aldryic Kevin decided to publicly post some BS about me I am happy to defend myself in public also.
