Greetings, I tried some proof of concept code (cowroot.c) on an OpenVZ Legacy host as a user and it didn't work. Then I made a CentOS container on the same host, added a user, and tried to run cowroot as a user and it didn't work. When I say work, I mean the exploit didn't work.
I only tested one system once. Can anyone duplicate my findings? ----- Original Message ----- > Greetings, > > ----- Original Message ----- > > Are there plans to release new Openvz 6 kernels in repository soon? > > For some value of soon I would imagine. > > I still haven't heard if it has been verified that OpenVZ Legacy is > vulnerable or not. According to the Red Hat bugzilla page > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they > claim that EL5 and EL6 are not vulnerable because /proc/self/mem > isn't writable by default. > > I haven't tried an exploit program on an OpenVZ Legacy host node to > try. Anyone? > > EL7 is supposedly vulnerable so I'd expect a VZ7 update. > > TYL, > -- > Scott Dowdle > 704 Church Street > Belgrade, MT 59714 > (406)388-0827 [home] > (406)994-3931 [work] > _______________________________________________ > Users mailing list > Users@openvz.org > https://lists.openvz.org/mailman/listinfo/users > _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
