vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.
CVSS Vector
AV:L/AC:L/Au:N/C:N/I:P/A:POpenvz Vzctl
APPOpenvz≤ 4.9.3
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References
Related vulnerabilities
CVE-2013-6838HIGH10.0ten sam vendor
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP...
CVE-2014-3519MEDIUM6.5ten sam vendor
The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel...
CVE-2013-2239MEDIUM4.7ten sam vendor
vzkernel before 042stab080.2 in the OpenVZ modification for the Linux kernel 2.6.32 does not initialize certai...