Virtuozzo raised the alarm about a Linux Kernal exploit this week, after uploading a fix Virtuozzo 7 customers. The vulnerability is only present in recent Linux kernels, so users of older versions are not affected by the exploit.
“If you haven’t heard, a security exploit caused by race condition in the packet_set_ring function has been discovered in the Linux Kernel,” a company blog post says. “It allows a malware user to crash your kernel, escalate one’s privileges, or in the case of Virtuozzo 7, potentially even exploit a host through the virtual private server. This creates a potential danger for service providers to have their servers crashed or hacked through that vulnerability.”
The exploit highlights the need for vigilant attention to be paid to security, and Virtuozzo says its proactive, dedicated security team shows its commitment to immediately act to fix exploits when they are discovered by security specialists. Philip Pettersson discovered and disclosed the vulnerability, while Solar Designer coordinated the fix, Virtuozzo says.
Going forward, Virtuozzo advises site administrators to monitor security announcements and communicate with peers, be proactive by working with vendors and providers to identify exploits early, and be fast with fixes.
Cloud veteran George Karidis was named Virtuozzo CEO in November.