CVE-2014-3519

Name of the Vulnerable Software and Affected Versions vzkernel versions prior to 042stab090.5

Description The issue is related to the open by handle at function in the vzkernel when using simfs. It might allow local container users with CAP DAC READ SEARCH capability to bypass an intended container protection mechanism. This could enable access to arbitrary files on a filesystem via vectors related to the use of the file handle structure.

Recommendations For vzkernel versions prior to 042stab090.5, update to version 042stab090.5 or later to resolve the issue. As a temporary workaround, consider restricting the CAP DAC READ SEARCH capability for local container users to minimize the risk of exploitation.