OpenVZ Critical Vulnerability

    OpenVZ simfs container restrictions bypass - CVE-2014-3519.

    It is possible to access files outside your container.

    The open_by_handle_at() function lets a caller open a file on a mounted file system by passing a file_handle structure.

    This allows an attacker to bypass simfs restrictions and gain access to all files on the main file system, including other virtual machines located on the same file system.

    Read more:

    OpenVZ simfs container filesystem breakout

    CU-2.6.32-042stab090.5 Parallels Virtuozzo Containers 4.7 Core Update

    UPD: http://twitter.com/_openvz_/status/481475202304339969
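
A patch-level check for hardware nodes, added here as an example and not part of the original post: it parses an OpenVZ kernel release string and compares it with the build named in the Core Update listed above. It assumes that build (2.6.32-042stab090.5) is the one carrying the fix and that release strings have the form `<base>-<NNN>stab<NNN>[.<N>]`; the function names and sample strings are constructed.

```shell
#!/bin/sh
# Build named in the Core Update on this page; assumed to carry the fix.
FIXED_RELEASE="2.6.32-042stab090.5"

# Strip leading zeros so "090" is plain decimal (shell arithmetic reads it as octal).
to_dec() { n=${1#"${1%%[!0]*}"}; echo "${n:-0}"; }

# Print "branch build minor" for <base>-<NNN>stab<NNN>[.<N>], else fail.
parse_stab() {
    tail=${1##*-}                                   # 042stab090.5
    case $tail in *stab*) ;; *) return 1 ;; esac
    branch=${tail%%stab*}; rest=${tail#*stab}       # 042 / 090.5
    build=${rest%%.*}                               # 090
    case $rest in
        *.*) minor=${rest#*.}; minor=${minor%%[!0-9]*} ;;
        *)   minor=0 ;;
    esac
    case "$branch$build" in *[!0-9]*) return 1 ;; esac
    [ -n "$branch" ] && [ -n "$build" ] || return 1
    echo "$(to_dec "$branch") $(to_dec "$build") $(to_dec "${minor:-0}")"
}

# Exit status 0: at or above FIXED_RELEASE, 1: older, 2: not comparable.
check_release() {
    [ "${1%%-*}" = "${FIXED_RELEASE%%-*}" ] || return 2   # other base kernel
    have=$(parse_stab "$1") || return 2
    want=$(parse_stab "$FIXED_RELEASE") || return 2
    set -- $have $want
    for pair in "$1:$4" "$2:$5" "$3:$6"; do
        a=${pair%:*}; b=${pair#*:}
        if [ "$a" -gt "$b" ]; then return 0; fi
        if [ "$a" -lt "$b" ]; then return 1; fi
    done
    return 0
}

classify() {
    rc=0; check_release "$1" || rc=$?
    case $rc in
        0) echo "patched" ;;       # at or above the assumed fixed build
        1) echo "needs-update" ;;  # older stab build on the same base kernel
        *) echo "unknown" ;;       # not an OpenVZ 2.6.32 release string
    esac
}

# Constructed sample strings; on a real node use: classify "$(uname -r)"
for r in 2.6.32-042stab088.4 2.6.32-042stab090.5 2.6.32-042stab092.1 3.10.0-generic; do
    printf '%s\t%s\n' "$r" "$(classify "$r")"
done
```

The check has to run on the hardware node, since a container reports the host's kernel release and cannot update it.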