EUVD-2015-6861

Malware in sbrugna...

Important kernel security update: Virtuozzo ReadyKernel patch 72.0 for all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5

The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5. Vulnerability id: PSBM-91042 It was discovered that a malicious user logged in to a Virtuozzo container could...

GLSA-201701-30 : vzctl: Security bypass

The remote host is affected by the vulnerability described in GLSA-201701-30 vzctl: Security bypass It was discovered that vzctl determined the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows local simfs container CT root...

CVE-2015-6927

vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...

Design/Logic Flaw

vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...

CVE-2015-6927

vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...

CVE-2015-6927

CVE-2015-6927 affects vzctl (OpenVZ control tools) up to version 4.9.4. The vulnerability arises because vzctl determines the VE layout by checking for the presence of root.hdd/DiskDescriptor.xml in the VE private directory. This allows a local root user inside a simfs container to exploit a syml...

CVE-2015-6927

vzctl before 4.9.4 determines the virtual environment VE layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container CT root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the...

CVE-2015-6927

Removed by vendor...

Debian new version released: fix PHP and VirtualBox vulnerability-vulnerability warning-the black bar safety net

! The Debian maintainer has released a new version of theoperating systemto resolve the presence of multiple vulnerabilities, including a few PHP vulnerabilities, and Oracle’s VirtualBox（hereinafter referred to as the VBox application of a vulnerability. Fix PHP multiple vulnerabilities The new...

vzctl privilege escalation

It's possible to get control over ploop-based containers...

[SECURITY] [DSA 3357-1] vzctl security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3357-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 13, 2015 https://www.debian.org/security/faq -...

New Debian Releases Fix PHP, VirtualBox Bugs

The maintainers of Debian have released new packages to fix several vulnerabilities, including a number of bugs in PHP and an unspecified flaw in Oracle’s VirtualBox application. Among the patches is one for the VirtualBox bug, which is difficult to describe, because Oracle no longer publishes an...

Debian DSA-3357-1 : vzctl - security update

It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over...

[SECURITY] [DSA 3357-1] vzctl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3357-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 13, 2015 https://www.debian.org/security/faq -...

Debian Security Advisory DSA 3357-1 (vzctl - security update)

It was discovered that vzctl, a set of control tools for the OpenVZ server virtualisation solution, determined the storage layout of containers based on the presence of an XML file inside the container. An attacker with local root privileges in a simfs-based container could gain control over...

DSA-3357-1 vzctl - security update

Bulletin has no description...

Debian: Security Advisory (DSA-3357-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...