New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Xen kernel loader vulnerability
http://www.openwall.com/lists/oss-security/2013/06/20/4
A malicious PV domain administrator who can specify their own kernel
can escalate their privilege to that of the domain construction tools
(i.e., normally, to control of the host).
So one can boot a specially crafted kernel inside a VPS, and gain control of the host node.
Looks like these days you can't trust anything - OpenVZ, Solus, now Xen. Makes me want to cancel all my remaining VPSes and just move everything to dedis.
Comments
Just use KVM.
wtf, is this security month or something?!
Vacation.
@rm_ - I've moved nearly completely to Dedis.
not really sure how this would apply to solusvm hosts, as you would need to run your own kernel for this CVE to be relevant.
I don't think you understood what this is about in the first place. Customers of "solusvm hosts" do in fact run their own kernels inside their VPSes. If one of them uses a kernel that is specifically malformed to trigger the bug and exploit the vulnerability, voila, they can root the host node.
This applies to all Xen PV hosts, even Linode...
It's almost like linux is saying "DONG Bring out your dead". There's the proc vuln in the Linux Kernel, there's an elf exploit in the Linux Xen project (although I'd imagine that has something to do more with the dom0 kernel than with the xen.gz).
well, even dedis, some one can walk up to your machine and ....
Yeah, "some one" in a guarded facility, vs anyone who happened to pay $3 or whatever to the same provider.
Don't even need to walk. OVH's control panel got hacked, Hetzner's control panel got hacked...
Do you mean the real "cloud"?
Check rds100's post
What can the "real cloud" do, besides rain
Let it snow!
I hear that The Cloud is quite comfortable to sleep on too.
Don't forget hail