Alerts This Week
Warning Icon 1 631
Alerts This Week
Warning Icon 1 631

Gentoo GLSA 201701-30 Normal: Vzctl Bypass Threat on Ploop Containers

gentoo
Calendar Grey January 11, 2017
Dist Gentoo Esm H88
Learn about the latest Gentoo GLSA 202310-15 advisory regarding a security vulnerability in vzctl that impacts ploop containers.
A vulnerability in vzctl might allow attackers to gain control over ploop containers.

Summary

It was discovered that vzctl determined the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container (CT) root usersto change the root password for arbitrary ploop containers. This is demonstrated by a symlink attack on the ploop container root.hdd file which can then be used to access a control panel.

Topics%20covered

Topics Covered

security advisory security issue gentoo normal severity ploop vzctl control tools

Resolution

All vzctl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-cluster/vzctl-4.9.4"

References

[ 1 ] CVE-2015-6927 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6927

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-30
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: vzctl: Security bypass
Date: January 11, 2017
Bugs: #560522
ID: 201701-30

Topics%20covered

Topics Covered

security advisory security issue gentoo normal severity ploop vzctl control tools

Synopsis

A vulnerability in vzctl might allow attackers to gain control over ploop containers.

Background

vzctl is a set of control tools for the OpenVZ server virtualization solution.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-cluster/vzctl < 4.9.4 >= 4.9.4

Impact

===== An attacker with root privileges, in a simfs-based container, could gain control over ploop-based containers.

Workaround

There is no known workaround at this time.

Related News

Your message here