Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Kernel Exploit Affecting OpenVZ Providers - node crash (CVE-2013-2224)
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Kernel Exploit Affecting OpenVZ Providers - node crash (CVE-2013-2224)

jakejake Member

Hey Guys,

Doing my regular rounds of weekend forum surfing, I found this thread created by Steven/Rack911 at Wht. Haven't seen this posted on Let yet... guess this gives me an excuse to finally sign up and make a post! ;-) I figured this is important to note considering there are a bunch of OpenVZ providers who hang out here.

CVE-2013-2224

--

We discovered a kernel exploit today.. Its been reported to Redhat, etc. and waiting to hear back from them..

This exploit will crash centos 6 machines and cause them to reboot and it will actually crash and reboot an entire openvz node when ran inside a vps running on the node.
Openvz 5 is affected since the required elements were backported into it. RHEL/Centos 5 is not affected.

More details coming soon.

In the mean time tortiselabs/nenolod released a temporary patch you can compile into your kernel: http://turtle.dereferenced.org/~nenolod/hemlock-fix.patch

Thanked by 1mpkossen

Comments

Sign In or Register to comment.