Proxmox (LXC PVE Container) – Arbitrary File Access Vulnerability

Product Description:

Proxmox Virtual Environment is a complete server virtualization management solution, based on KVM and container virtualization.

Vulnerability Discussion:

The LXC implementation within Proxmox allows a malicious user to perform an attack against the PVE container which if successful would allow access to any file on the master node.

Vendor Contact Timeline:

2015-10-24: Vendor contacted via email.
2015-10-28: Vendor confirms vulnerability.
2015-10-29: Vendor issues update.
2015-11-18: RACK911 Labs issues security advisory.

About Us:

RACK911 Labs
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119