VYPR
Unrated severityNVD Advisory· Published Sep 28, 2015· Updated Jun 17, 2026

CVE-2015-6927

CVE-2015-6927

Description

vzctl before 4.9.4 determines the virtual environment (VE) layout based on the presence of root.hdd/DiskDescriptor.xml in the VE private directory, which allows local simfs container (CT) root users to change the root password for arbitrary ploop containers, as demonstrated by a symlink attack on the ploop container root.hdd file and then access a control panel.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Openvz/Vzctl2 versions
    cpe:2.3:a:openvz:vzctl:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:openvz:vzctl:*:*:*:*:*:*:*:*range: <=4.9.3
    • (no CPE)range: <4.9.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.