PT-2015-7408 · Parallels · Vzctl

Published

2015-09-13

Updated

2017-07-01

CVE-2015-6927

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions vzctl versions prior to 4.9.4

Description The issue allows local simfs container root users to change the root password for arbitrary ploop containers. This can be achieved through a symlink attack on the ploop container root.hdd file, which then grants access to a control panel.

Recommendations For versions prior to 4.9.4, update to version 4.9.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the VE private directory to prevent symlink attacks on the ploop container root.hdd file.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2015-6927

DSA-3357-1

Affected Products

Vzctl

PT-2015-7408 · Parallels · Vzctl

CVE-2015-6927

Weakness Enumeration

Related Identifiers

Affected Products

References · 10