
OpenVZ Critical Vulnerability


OpenVZ simfs container restrictions bypass - CVE-2014-3519.

It is possible to access files outside of a container from within it.
The open_by_handle_at() function allows you to access files on a mounted file system using the file_handle structure.

This allows an attacker to bypass simfs restrictions and access all files on the main file system, including other virtual machines located on the same file system.

More details:

OpenVZ simfs container filesystem breakout

CU-2.6.32-042stab090.5 Parallels Virtuozzo Containers 4.7 Core Update
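
A defensive check for the issue described above, as an added example that is not part of the original post or of OpenVZ's tooling. It assumes the core update named above (042stab090.5) is the first fixed build, and relies on the fact that open_by_handle_at() requires CAP_DAC_READ_SEARCH; the function names and sample inputs are constructed for illustration.

```python
import platform
import re

# Assumption: the core update named above (042stab090.5) is the first fixed build.
FIXED_BUILD = (42, 90, 5)
# open_by_handle_at(2) requires this capability; bit number from <linux/capability.h>.
CAP_DAC_READ_SEARCH = 2

_RELEASE = re.compile(r"-(\d+)stab(\d+)\.(\d+)")


def parse_build(release):
    """Return (branch, stab, minor) from an OpenVZ kernel release string, or None."""
    m = _RELEASE.search(release)
    return tuple(int(g) for g in m.groups()) if m else None


def has_cap(status_text, field, cap):
    """True if bit `cap` is set in `field` (e.g. CapBnd) of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() == field:
            return bool((int(value.strip(), 16) >> cap) & 1)
    raise ValueError(f"{field} not found in status text")


def assess(release, status_text):
    """Classify exposure from a kernel release and a process status dump."""
    build = parse_build(release)
    if build is None or build[0] != FIXED_BUILD[0]:
        return "unknown: not a 042stab kernel, check the vendor advisory"
    if build >= FIXED_BUILD:
        return "patched kernel"
    if has_cap(status_text, "CapBnd", CAP_DAC_READ_SEARCH):
        return "exposed: pre-update kernel and CAP_DAC_READ_SEARCH in bounding set"
    return "pre-update kernel, but CAP_DAC_READ_SEARCH is dropped"


# Constructed sample inputs (not taken from a real host).
SAMPLE_OLD = "2.6.32-042stab088.4"
SAMPLE_STATUS = "Name:\tbash\nCapEff:\t00000000fdecffff\nCapBnd:\t00000000fdecffff\n"

if __name__ == "__main__":
    print("sample:", assess(SAMPLE_OLD, SAMPLE_STATUS))
    with open("/proc/self/status") as fh:  # run inside the container being checked
        print("this host:", assess(platform.release(), fh.read()))
```

Containers share the host kernel, so the release string seen inside a container is the host's; the capability result applies only to the process whose status file is read.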

UPD: http://twitter.com/_openvz_/status/481475202304339969

Source: https://habr.com/ru/post/227497/

