On Fri, Oct 21, 2016 at 04:43:16PM -0600, Scott Dowdle wrote: > I still haven't heard if it has been verified that OpenVZ Legacy is > vulnerable or not.
It is. Verified. The "pokemon" PoC works on RHEL6 & RHEL5, as long as you have 2+ logical CPUs. > According to the Red Hat bugzilla page > (https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13), they claim that > EL5 and EL6 are not vulnerable No, they correctly claim the opposite. > because /proc/self/mem isn't writable by default. Yes, but this only affects the initially publicized attack vector. Alexander _______________________________________________ Users mailing list Users@openvz.org https://lists.openvz.org/mailman/listinfo/users
