# Emergency Maintenance on All BlueVM OpenVZ Services



## BlueVM (Jun 3, 2013)

This post is just to help catch anyone who has not already gotten an email from us about our current emergency maintenance.

Earlier this morning one of our pen testers came across a vulnerability in our OpenVZ Kernel which allows a container to escalate permissions to the root user on the host node.

Original email:
 



> Hello,
> 
> We are performing emergency maintenance on ALL of our OpenVZ node servers, meaning EVERY OpenVZ server will be affected.
> 
> ...


----------



## texteditor (Jun 3, 2013)

I think you are like two weeks late to this party


----------



## BlueVM (Jun 3, 2013)

@texteditor - This is an entirely different vulnerability. Thank you though...


----------



## texteditor (Jun 3, 2013)

Would a little disclosure be in order then if this is a 0-day?


----------



## BlueVM (Jun 3, 2013)

It affects the 2.6.18 VZ Kernels, not the newer 2.6.32 ones. Thus most hosts will not be effected by this, however we will be releasing this shortly.


----------



## BlueVM (Jun 3, 2013)

Anyone on 106.2 or below should upgrade to 107.1 as 107.1 is patched. This does not mean the vulnerability is known. It's still nonpublic.


----------

