PT-2005-5595 · Debian · Kernel-Patch-Vserver+1

Bjørn Steinbrink

Published

1970-01-01

Updated

2018-10-04

CVE-2005-4347

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions kernel-patch-vserver versions prior to 1.9.5.5 kernel-patch-vserver versions prior to 2.3

Description The issue affects the kernel-patch-vserver package in Debian GNU/Linux, allowing attackers to access files on the host system that are outside of the vserver. This can lead to a breach of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For kernel-patch-vserver versions prior to 1.9.5.5, update to version 1.9.5.5 or later. For kernel-patch-vserver versions prior to 2.3, update to version 2.3 or later. As a temporary workaround, consider restricting access to the util-vserver functionality until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-03164

BDU:2015-03165

CVE-2005-4347

DSA-1011-1

Affected Products

Kernel-Patch-Vserver

Util-Vserver

PT-2005-5595 · Debian · Kernel-Patch-Vserver+1

CVE-2005-4347

Related Identifiers

Affected Products

References · 10