HyperVM

[SplitIce]

Have you guys allowed access to your clients to hyperVM yet?

I was thinking it might be ok after reading this thread: http://forum.lxlabs.com/index.php?t=...12560&start=0&

Thoughts?

SplitIce Reviewed by SplitIce on 28th Jun 2009. HyperVM Have you guys allowed access to your clients to hyperVM yet? I was thinking it might be ok after reading this thread: http://forum.lxlabs.com/index.php?t=msg&th=12560&start=0& Thoughts? Rating: 5

[SplitIce]

no one has any details?

[desiboy]

they say its patched....but ask your host weather they have patched or not ?

[Krun!x]

Hai,

As most of you probably know, Kloxo / LXAdmin has a lot of vulns and most of them can be exploited via a symlink attack.

I doubt they patched HyperVM. After all, I can confirm there is still a couple of 0-days in Kloxo / LXAdmin. I'm not sure for HyperVM...

Anyway, here is a way to stop those symlinks attacks. Chmod /bin/ln to 700, it means only root will be able to use symlink. I'm not gonna explain what "chmod" is but I believe most of you know it already. For those who don't know, check this out:
http://en.wikipedia.org/wiki/Chmod

Also, there is a php symlink so you will need to disable "symlink" function in your php.ini

--Krun!x

[SplitIce]

ok well if its only symlink attacks we should be fine since the only filemanager provided by hypervm is that of the clients own VPS. But yes I will look into doing this, as far as I can find out the sql injections have been fixed and same with the lfi's.

Theres no 0-days you know of Krun!x?