On Sat, Apr 19, 2014 at 11:41:33AM +0200, Ivan Stojcevic (Tronyx) wrote: > I just found a very sensitive bug in KVM and Xen platforms. Easily if you > have VPS hosted on Xen or KVM you can assign yourself a IPv4 address for free > and bypass regular system with billing. > I tried this on many VPS hosting companies and it work on all. If you would > like to talk with me about this, you can get me on skype: ivans2901
This doesn't sound like a bug in Xen or KVM. Rather it's an issue with the VPS providers you tested. They should lock down their network appropriately (i.e. only allow MACs and IPs assigned to the guest). Similar issues can also happen with dedicated servers if the provider has not configured their routers correctly. Please get in touch with the VPS providers or post more details here if you think the issue lies in QEMU/KVM. Stefan -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
