Emergency Maintenance on All BlueVM OpenVZ Services

BlueVM · Jun 3, 2013

This post is just to help catch anyone who has not already gotten an email from us about our current emergency maintenance.

Earlier this morning one of our pen testers came across a vulnerability in our OpenVZ Kernel which allows a container to escalate permissions to the root user on the host node.

Original email:

Hello,

We are performing emergency maintenance on ALL of our OpenVZ node servers, meaning EVERY OpenVZ server will be affected.

The kernel we operate on needs to be upgraded as soon as possible. But unfortunately this requires us to reboot each node server.

It should take no longer than 5 minutes per server. We are performing this maintenance NOW.

We apologize for the inconvenience caused, and the short notice. This was unavoidable.

If you have any questions, feel free to open a ticket.

Best Regards,
BlueVM Support
https://bluevm.com

texteditor · Jun 3, 2013

I think you are like two weeks late to this party

BlueVM · Jun 3, 2013

@texteditor - This is an entirely different vulnerability. Thank you though...

texteditor · Jun 3, 2013

Would a little disclosure be in order then if this is a 0-day?

BlueVM · Jun 3, 2013

It affects the 2.6.18 VZ Kernels, not the newer 2.6.32 ones. Thus most hosts will not be effected by this, however we will be releasing this shortly.

BlueVM · Jun 3, 2013

Anyone on 106.2 or below should upgrade to 107.1 as 107.1 is patched. This does not mean the vulnerability is known. It's still nonpublic.

Emergency Maintenance on All BlueVM OpenVZ Services

BlueVM

New Member

texteditor

Premium Buffalo-based Hosting

BlueVM

New Member

texteditor

Premium Buffalo-based Hosting

BlueVM

New Member

BlueVM

New Member