Privilege Escalation via Symlink Attack on Ploop Containers in vzctl before 4.9.4

Privilege Escalation via Symlink Attack on Ploop Containers in vzctl before 4.9.4

CVE-2015-6927 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:P

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.

Learn more about our User Device Pen Test.