From: Stefan
To: Proxmox VE user list
Date: Fri, 23 Jun 2023 18:57:41 +0200
Subject: Re: [PVE-User] Is Proxmox VE vulnerable to ransomware like VMware vSphere?

Hi,

I'm not sure which VMware exploit you're referring to, but I think you mean the OpenSLP exploit.

For that automated exploit one needs to not install patches + have management services access via WAN.

So yes, ANY system connected to the internet is vulnerable in that sense, only the attack surface can be minimized by e.g. having an isolated management network where those services are accessible.

Stefan

On 23 June 2023 16:27:51 CEST, Turritopsis Dohrnii Teo En Ming <tdtemccnp@gmail.com> wrote:
>Subject: Is Proxmox VE vulnerable to ransomware like VMware vSphere?
>
>Good day from Singapore,
>
>Recently, VMware vSphere has come under the spotlight because tens of
>thousands of VMware vSphere installations are vulnerable to
>ransomware. Ransomware gangs are actively targeting VMware vSphere. Is
>Proxmox VE vulnerable to ransomware like VMware vSphere?
>
>Please advise. Thank you.
>
>Regards,
>
>Mr. Turritopsis Dohrnii Teo En Ming
>Targeted Individual in Singapore
>Blogs:
>https://tdtemcerts.blogspot.com
>https://tdtemcerts.wordpress.com
>GIMP also stands for Government-Induced Medical Problems.
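
An added example, not part of the original thread: one way to audit the point made in the reply, that management services should only be reachable on an isolated management network. It parses `ss -tlnH` output and flags management listeners bound to all interfaces or to an address outside the management subnet; the subnet `10.10.0.0/24`, the port set (SSH 22, web GUI 8006, SPICE proxy 3128) and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 4096 *:8006 *:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 10.10.0.5:3128 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 203.0.113.20:8006 0.0.0.0:*
"""

# Assumptions: the management subnet and the ports treated as management services.
MGMT_NET = ipaddress.ip_network("10.10.0.0/24")
MGMT_PORTS = {22, 8006, 3128}


def parse_listeners(ss_output):
    """Yield (address, port) for each listening TCP socket; '*' means all addresses."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
        yield host, int(port)


def exposed_listeners(ss_output, mgmt_net=MGMT_NET, ports=MGMT_PORTS):
    """Return management listeners that are not confined to the management network."""
    findings = []
    for host, port in parse_listeners(ss_output):
        if port not in ports:
            continue
        if host in ("*", "0.0.0.0", "::"):
            findings.append((host, port, "bound to all interfaces"))
            continue
        addr = ipaddress.ip_address(host)
        if addr.is_loopback or addr in mgmt_net:
            continue
        findings.append((host, port, "bound outside management network"))
    return findings


if __name__ == "__main__":
    for host, port, reason in exposed_listeners(SAMPLE_SS):
        print(f"{host}:{port} {reason}")
```

A wildcard bind is only a finding to follow up: whether it is reachable from the WAN still depends on the host's interfaces and on any firewall in front of it.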