* [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config
@ 2024-11-27 0:14 James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
0 siblings, 1 reply; 2+ messages in thread
From: James Brown via pve-devel @ 2024-11-27 0:14 UTC (permalink / raw)
To: Fabio Fantoni via pve-devel; +Cc: James Brown
[-- Attachment #1: Type: message/rfc822, Size: 5314 bytes --]
From: "James Brown" <randomvoidmail@foxmail.com>
To: "Fabio Fantoni via pve-devel" <pve-devel@lists.proxmox.com>
Subject: SPAM: [Security] Arbitrary file reading via malicious VM config
Date: Wed, 27 Nov 2024 08:14:28 +0800
Message-ID: <tencent_C3D2C670AE0CC99C45BA8C83853D3BDE0205@qq.com>
I suspect a security flaw within ESXi VM import. If a malicious actor forges a VMWare VM config with root paths such as /var/log/auth.log, could lead to potential data leak if the import task is executed.
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
2024-11-27 0:14 [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config James Brown via pve-devel
@ 2024-11-27 0:40 ` James Brown via pve-devel
0 siblings, 0 replies; 2+ messages in thread
From: James Brown via pve-devel @ 2024-11-27 0:40 UTC (permalink / raw)
To: Proxmox VE development discussion; +Cc: James Brown
[-- Attachment #1: Type: message/rfc822, Size: 6065 bytes --]
From: "James Brown" <randomvoidmail@foxmail.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
Date: Wed, 27 Nov 2024 08:40:41 +0800
Message-ID: <tencent_34190E94319B774BBF70D0B31FC74F414A0A@qq.com>
This is not a spam.
---Original---
From: "James Brown via pve-devel"<pve-devel@lists.proxmox.com>
Date: Wed, Nov 27, 2024 08:31 AM
To: "Fabio Fantoni via pve-devel"<pve-devel@lists.proxmox.com>;
Cc: "James Brown"<randomvoidmail@foxmail.com>;
Subject: [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[-- Attachment #2: Type: text/plain, Size: 160 bytes --]
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-11-27 0:41 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-11-27 0:14 [pve-devel] SPAM: [Security] Arbitrary file reading via malicious VM config James Brown via pve-devel
2024-11-27 0:40 ` [pve-devel] SPAM: [Security] Arbitrary file reading via maliciousVM config James Brown via pve-devel
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal