Security Advisory: /proc Filesystem Permission Vulnerability

Sean G. -

Overview

This notice advises the user groups identified below of a recently discovered /proc filesystem permission vulnerability. The issue was reported directly to Joyent Engineering by a security researcher.

Description

This high-severity vulnerability exists in the core SmartOS platform. It allows non-root users to create objects in the /proc directory within the zone. The filesystem permission validations have been hardened to prevent such unauthorized actions.

The following user groups are affected:

  • Joyent customers using on-premises Triton software
  • All users of SmartOS, including Triton public cloud customers (the fix has already been applied across the entire public cloud)
  • Users of Open Source Triton

Actions Taken by Joyent

Joyent has created a new Platform Image (PI) containing fixes that address these vulnerabilities. This PI has been applied across the Triton public cloud. 

Actions You Need to Take

Triton Software and SmartOS Users:

You are advised to apply this fix by updating your current Platform Image (PI) to the next available release (20170105-20170105T023718Z or later) using the following command on the support channel:

sdcadm platform install --latest
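
To confirm that a host is running a fixed platform image, the check below compares a platform stamp against the fixed build named above. It is an added example, not Joyent's code; it assumes `uname -v` reports the platform as `joyent_<stamp>`, and the function names and every sample stamp other than the advisory's are constructed.

```shell
#!/bin/sh
# Added example, not Joyent's code.
FIXED_STAMP="20170105T023718Z"   # build stamp of the fixed PI, from the advisory

# Reduce "joyent_<stamp>" (assumed `uname -v` form), "<release>-<stamp>" or a
# bare "<stamp>" to the stamp itself; return 2 if it is not a valid stamp.
pi_stamp() {
    s=${1#joyent_}
    s=${s##*-}
    case $s in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]T[0-9][0-9][0-9][0-9][0-9][0-9]Z)
            printf '%s\n' "$s" ;;
        *)
            return 2 ;;
    esac
}

# 0 = at or after the fixed PI, 1 = older (still vulnerable), 2 = unparseable.
pi_is_fixed() {
    stamp=$(pi_stamp "$1") || return 2
    # Stamps are fixed-width UTC, so dropping T and Z leaves comparable integers.
    have=$(printf '%s' "$stamp" | tr -d 'TZ')
    want=$(printf '%s' "$FIXED_STAMP" | tr -d 'TZ')
    [ "$have" -ge "$want" ]
}

# One-word verdict for inventory output.
pi_verdict() {
    rc=0
    pi_is_fixed "$1" || rc=$?
    case $rc in
        0) echo "fixed" ;;
        1) echo "vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# Constructed sample inventory; on a live host pass "$(uname -v)" instead.
for pi in joyent_20161222T003450Z 20170105-20170105T023718Z \
          joyent_20170119T011605Z not-a-stamp; do
    printf '%-28s %s\n' "$pi" "$(pi_verdict "$pi")"
done
```

An "unknown" verdict means the input did not parse as a platform stamp and should be checked by hand rather than treated as fixed.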

Triton Public Cloud Users:

All necessary fixes have been applied to the Triton Cloud (public cloud). No user action is required.

Open Source Triton Users:

Support

If you are a Joyent customer and have any further questions or concerns after reading the information and instructions above, please contact Joyent Support.
