Proxmox (LXC PVE Container) – Arbitrary File Access Vulnerability
November 18, 2015 -
Proxmox Virtual Environment is a complete server virtualization management solution, based on KVM and container virtualization.
The LXC implementation within Proxmox allows a malicious user to perform an attack against the PVE container which if successful would allow access to any file on the master node.
Vendor Contact Timeline:
2015-10-24: Vendor contacted via email.
2015-10-28: Vendor confirms vulnerability.
2015-10-29: Vendor issues update.
2015-11-18: RACK911 Labs issues security advisory.
1110 Palms Airport Drive, Suite 110
Las Vegas, NV 89119