  1. OpenVZ
  2. OVZ-6296

CVE-2015-2925 affects EL6-based openvz kernel with simfs-based containers

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Fix Version/s: OpenVZ-legacy
    • Component/s: Containers::Kernel
    • Security Level: Public
    • Environment:
      Operating System: RHEL/CentOS 6
      Platform: All

      Description

      IRC nick TheJH reported in the #openvz IRC channel on June 10th... that CVE-2015-2925 affects the EL6-based OpenVZ kernel with simfs-based containers... and that it is trivial to modify files on the host system (things like /etc/shadow). Red Hat doesn't seem interested in fixing this bug as seen here:

      https://access.redhat.com/security/cve/CVE-2015-2925

      They say it affects their EL6 and EL7 kernels and that "Future kernel updates for Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2 may address this issue."

      I'm guessing it is going to take OpenVZ intervention to get this bug fixed in the OpenVZ kernel.

      Luckily all of my containers are using ploop-based storage which, so far as we know, is not affected by this bug.

            People

            • Assignee:
              vvs Vasily Averin
              Reporter:
              dowdle@montanalinux.org Scott Dowdle