All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Kernel Exploit Affecting OpenVZ Providers - node crash (CVE-2013-2224)
Hey Guys,
Doing my regular rounds of weekend forum surfing, I found this thread created by Steven/Rack911 at Wht. Haven't seen this posted on Let yet... guess this gives me an excuse to finally sign up and make a post! ;-) I figured this is important to note considering there are a bunch of OpenVZ providers who hang out here.
CVE-2013-2224
--
We discovered a kernel exploit today.. Its been reported to Redhat, etc. and waiting to hear back from them..
This exploit will crash centos 6 machines and cause them to reboot and it will actually crash and reboot an entire openvz node when ran inside a vps running on the node.
Openvz 5 is affected since the required elements were backported into it. RHEL/Centos 5 is not affected.
More details coming soon.
In the mean time tortiselabs/nenolod released a temporary patch you can compile into your kernel: http://turtle.dereferenced.org/~nenolod/hemlock-fix.patch
Comments
So, I guess someone was after us with all these reboots we had...
As i suspsected but uncle thinks I am paranoid (not that I disagree, just at times paranoia is proven right :P).
This is what we keep ksplice going for, because there's a crash bug softlock in OpenVZ that still has not been resolved and many hosts just cant upgrade right now. Irritating. At least security exploits get handled through kSplice
@Nick_A
Why did you mention me?
@Nick_A - Your sig was "stolen" by someone. LOL!
I'm confused...
From the looks of it, it might be a buffer overflow instead of just a DoS.
Not might be, it is a buffer overflow attack.
Patch is already out, build your kernel with it and you should be fine.
@CentrioHost
Please let there be an official patch soon. Building kernels is so much fun, eh @Rallias?
We had this patched last night, hopefully no providers get affected by this.
Eh, so long as you have a complete set of sources it isn't that bad... it's wrong to do on package-managed distributions though...
Updated kernels have been released by OpenVZ with the fix for this exploit.
RHEL5 https://openvz.org/Download/kernel/rhel5-testing/028stab107.2
RHEL6 https://openvz.org/Download/kernel/rhel6/042stab078.27
Patched CloudLinux is now out.