Bug - IP Address

Bug - IP Address

[Ivan Stojcevic (Tronyx)]

 
Hello,
 
I just found a very sensitive bug in KVM and Xen platforms. Easily if you have VPS hosted on Xen or KVM you can assign yourself a IPv4 address for free and bypass regular system with billing.
I tried this on many VPS hosting companies and it work on all. If you would like to talk with me about this, you can get me on skype: ivans2901
 
Regards,

Re: Bug - IP Address

[Stefan Hajnoczi]

On Sat, Apr 19, 2014 at 11:41:33AM +0200, Ivan Stojcevic (Tronyx) wrote:
> I just found a very sensitive bug in KVM and Xen platforms. Easily if you have VPS hosted on Xen or KVM you can assign yourself a IPv4 address for free and bypass regular system with billing.
> I tried this on many VPS hosting companies and it work on all. If you would like to talk with me about this, you can get me on skype: ivans2901

This doesn't sound like a bug in Xen or KVM.  Rather it's an issue with
the VPS providers you tested.  They should lock down their network
appropriately (i.e. only allow MACs and IPs assigned to the guest).

Similar issues can also happen with dedicated servers if the provider
has not configured their routers correctly.

Please get in touch with the VPS providers or post more details here if
you think the issue lies in QEMU/KVM.

Stefan