LOW🇬🇧 English

CVE-2015-6927

CVSS 3.6v2.0pub. 2015-09-28upd. 2026-05-06

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.

oryginał EN
CVSS Vector
AV:L/AC:L/Au:N/C:N/I:P/A:P
  • Openvz Vzctl

    APP
    Openvz
    ≤ 4.9.3
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2013-6838HIGH10.0ten sam vendor

An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP...

CVE-2014-3519MEDIUM6.5ten sam vendor

The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...

CVE-2013-2239MEDIUM4.7ten sam vendor

vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certai...