New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
New XEN exploit ?
http://threatpost.com/en_us/blogs/virtual-machine-escape-exploit-targets-xen-090612
Please secure if not done already providers, thanks ^_^
Comments
holy shit hopefully all xen providers will patch up ^_^
Oh no.
Prob is nodes could be kitted by now
That article talks about this exploit from back in June.
Quote from end of article: "This story was updated on Sept. 6 to add comments from Tim Deegan and a clarification that Citrix also added a hotfix in June."
old exploit is old
http://blog.linode.com/2012/06/13/xen-security-advisories-and-how-we-handled-them/
iirc lfcvps and inceptionhosting have already patched the issue.
@fly indeed, pretty sure securedragon did too.
Don't forget the inconvenient truth though, this was called a 'Xen' exploit because Xen patched it first and the POC was done on Xen, the reality is that it affects OpenVZ, Vmware, KVM etc too, no doubt a few nasty private exploits floating around.