RedHat Privilege Escalation Vulnerability CVE-2015-1805



We are currently in the process of performing emergency maintenance on our VPS hypervisors and other public facing servers. You will find your VPS is offline for the duration. The reason for this is detailed below.

“RedHat has identified a new privilege escalation vulnerability CVE-2015-1805 in RHEL 5 & 6 kernels that allows any local, unprivileged user to gain root access to the server. This issue is especially critical for shared hosting and virtual server environments. It affects all RHEL, CentOS, CloudLinux, Virtuozzo/OpenVZ servers and a kernel update and reboot are required to fix it.”

About the vulnerability:

It was found that the Linux kernel’s implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. Details of the vulnerability can be found here: CVE-2015-1805

If you are not a QuickHostUK Managed Hosting customer please ensure you have also taken the appropriate actions to secure your own servers. Alternatively, we can handle this for you with our ad hoc management scheme, which for this occurrence would be £25 inc VAT per server.

Please contact us if you wish to utilise this service or if you have any questions.

Kind Regards,

QuickHostUK Limited
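
For servers you manage yourself, the notice's "kernel update and reboot" can be checked as two separate conditions: a fixed kernel is installed, and it is the one currently running. The script below is an added example, not part of the QuickHostUK notice; it assumes an RPM-based system, that the kernel package is named `kernel` (override `PKG` otherwise), and that the vendor's package changelog names the CVE.

```shell
#!/bin/sh
# Added example: is a kernel whose changelog names CVE-2015-1805 installed,
# and is it the kernel that is actually running?
CVE="CVE-2015-1805"
PKG="${PKG:-kernel}"   # assumption: package name; some platforms ship the kernel under another name

# Thin wrappers around rpm so the decision logic can be exercised without rpm.
installed_kernels() { rpm -q "$PKG" --qf '%{VERSION}-%{RELEASE}\n'; }
kernel_changelog()  { rpm -q --changelog "$PKG-$1"; }

# Usage: cve_status "$(uname -r)"
# Prints one of: patched-running | reboot-required | update-required
cve_status() {
    running="$1"
    patched_installed=no
    for k in $(installed_kernels); do
        # Assumption: the vendor lists the CVE id in the changelog of fixed builds.
        if kernel_changelog "$k" | grep -q "$CVE"; then
            patched_installed=yes
            # uname -r may or may not carry an architecture suffix after the release.
            case "$running" in
                "$k"|"$k".*) echo patched-running; return 0 ;;
            esac
        fi
    done
    if [ "$patched_installed" = yes ]; then
        echo reboot-required    # fixed kernel on disk, vulnerable one still booted
    else
        echo update-required    # no installed kernel mentions the fix
    fi
}

# Run as: sh thisfile.sh check
[ "${1:-}" != "check" ] || cve_status "$(uname -r)"
```

A `reboot-required` result is the case most often missed after an automated update: the package manager reports the fix as installed while the old kernel keeps running.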
