OpenVZ (Vzctl) – SimFS To Ploop Container Takeover Vulnerability

Product Description:

OpenVZ (Open Virtuozzo) is an operating system-level virtualization technology based on the Linux kernel and operating system. OpenVZ allows a physical server to run multiple isolated operating system instances, called containers, virtual private servers (VPSs), or virtual environments (VEs).

Vulnerability Discussion:

A malicious user with a SimFS container can take over another user's Ploop container under certain circumstances, in particular when the Ploop container is not currently running.

Vendor Contact Timeline:

2015-07-30: Vendor contacted via email.
2015-07-31: Vendor confirms vulnerability.
2015-08-25: Vendor issues update.
2015-08-26: RACK911 Labs issues security advisory.

