Security Advisory

CVE-2015-6927

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2015-09-28 20:00:00

Last updated 2024-08-06 07:36:34

Assigner mitre

State PUBLISHED

Description

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.

← Browse all CVEs View on cve.org ↗