CVE-2006-2110 - Local Insecure Guest Context Capabilities vulnerability in Virtual Private Server Vserver 2.0.2/2.1.1
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: NONE
- Availability impact: NONE

Summary
Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root. This vulnerability is addressed in the following product releases:
- Virtual Private Server, Vserver, 2.0.2-rc18
- Virtual Private Server, Vserver, 2.1.1-rc18
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-1060.NASL |
description | Jan Rekorajski discovered that the kernel patch for virtual private servers does not limit context capabilities to the root user within the virtual server, which might lead to privilege escalation for some virtual server specific operations. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22602 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22602 |
title | Debian DSA-1060-1 : kernel-patch-vserver - programming error |
References
- http://dev.croup.de/proj/gentoo-vps/browser/vserver-sources/2.0.1-r4/4915_vs2.0.1-vxcapable-fix.patch
- http://list.linux-vserver.org/archive/vserver/msg13167.html
- http://secunia.com/advisories/19961
- http://secunia.com/advisories/20206
- http://www.debian.org/security/2006/dsa-1060
- http://www.securityfocus.com/bid/17842
- http://www.vupen.com/english/advisories/2006/1661
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26285