Vulnerabilities > CVE-2006-2110 - Local Insecure Guest Context Capabilities vulnerability in Virtual Private Server Vserver 2.0.2/2.1.1

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
virtual-private-server
nessus
NVD
Published: 2006-05-01
Updated: 2017-07-20

Summary

Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. This vulnerability is addressed in the following product releases: Virtual Private Server, Vserver, 2.0.2-rc18 Virtual Private Server, Vserver, 2.1.1-rc18

Vulnerable Configurations

Part Description Count
Application
Virtual_Private_Server
2

Nessus

NASL familyDebian Local Security Checks
NASL idDEBIAN_DSA-1060.NASL
descriptionJan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations.
last seen2020-06-01
modified2020-06-02
plugin id22602
published2006-10-14
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22602
titleDebian DSA-1060-1 : kernel-patch-vserver - programming error
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-1060. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(22602);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:19");

  script_cve_id("CVE-2006-2110");
  script_xref(name:"DSA", value:"1060");

  script_name(english:"Debian DSA-1060-1 : kernel-patch-vserver - programming error");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Jan Rekorajski discovered that the kernel patch for virtual private
servers does not limit context capabilities to the root user within
the virtual server, which might lead to privilege escalation for some
virtual server specific operations."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2006/dsa-1060"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the kernel-patch-vserver package and rebuild the kernel
immediately.

The old stable distribution (woody) does not contain
kernel-patch-vserver packages.

For the stable distribution (sarge) this problem has been fixed in
version 1.9.5.6."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:kernel-patch-vserver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/05/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/04/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"3.1", prefix:"kernel-patch-vserver", reference:"1.9.5.6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References