MidnightBSD

Advisories for vserver

CVE-2003-1288 MEDIUM

Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.23 and SMP allow local users to cause a denial of service (kernel oops) via unknown attack vectors related to the (1) s_info and (2) ip_info data structures and the (a) forget_original_parent, (b) goodness, (c) schedule, (d) update_process_times, and (e) vc_new_s_context functions.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vserver linux-vserver 1.22
CVE-2004-2408 LOW

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vserver linux-vserver 1.3.9
vserver linux-vserver 1.9.1
vserver linux-vserver 1.20
vserver linux-vserver 1.24
vserver linux-vserver 1.3.3
vserver linux-vserver 1.25
vserver linux-vserver 1.3.0
vserver linux-vserver 1.23
vserver linux-vserver 1.3.4
vserver linux-vserver 1.3.6
vserver linux-vserver 1.3.8
vserver linux-vserver 1.26
vserver linux-vserver 1.3.2
vserver linux-vserver 1.3.7
vserver linux-vserver 1.27
vserver linux-vserver 1.3.1
vserver linux-vserver 1.3.5
vserver linux-vserver 1.22
vserver linux-vserver 1.21
CVE-2004-2613 HIGH

Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vserver linux-vserver 1.20
vserver linux-vserver 1.3.2
vserver linux-vserver 1.3.3
vserver linux-vserver 1.3.1
vserver linux-vserver 1.22
vserver linux-vserver 1.3.0
vserver linux-vserver 1.3.4
vserver linux-vserver 1.21
CVE-2005-0178 MEDIUM

Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
linux linux_kernel 2.5.48
linux linux_kernel 2.5.49
linux linux_kernel 2.4.28
linux linux_kernel 2.0.8
linux linux_kernel 2.5.41
linux linux_kernel 2.0
linux linux_kernel 2.0.4
linux linux_kernel 2.2.7
linux linux_kernel 2.4.1
linux linux_kernel 2.5.19
linux linux_kernel 2.5.25
linux linux_kernel 2.0.14
linux linux_kernel 2.4.3
linux linux_kernel 2.5.23
linux linux_kernel 2.6.11.7
linux linux_kernel 2.5.21
linux linux_kernel 2.5.67
linux linux_kernel 2.5.33
linux linux_kernel 2.4.5
linux linux_kernel 2.4.6
linux linux_kernel 2.0.9
netkit linux_netkit 0.17
linux linux_kernel 2.2.22
linux linux_kernel 2.4.12
linux linux_kernel 2.0.30
linux linux_kernel 2.5.61
linux linux_kernel 2.5.31
linux linux_kernel 2.5.35
linux linux_kernel 2.0.18
linux linux_kernel 2.4.19
linux linux_kernel 2.4.9
linux linux_kernel 2.5.46
linux linux_kernel 2.2.15_pre20
linux linux_kernel 2.2.17
linux linux_kernel 2.2.6
linux linux_kernel 2.6.4
linux linux_kernel 2.0.31
linux linux_kernel 2.0.23
linux linux_kernel 2.1
linux linux_kernel 2.0.25
linux linux_kernel 2.6.11.1
linux linux_kernel 2.6.12
linux linux_kernel 2.1.89
linux linux_kernel 2.2.21
linux linux_kernel 2.0.16
linux linux_kernel 2.0.1
linux linux_kernel 2.0.36
linux linux_kernel 2.0.24
linux linux_kernel 2.5.9
linux linux_kernel 2.0.35
linux linux_kernel 2.4.24_ow1
linux linux_kernel 2.0.29
linux linux_kernel 2.5.53
linux linux_kernel 2.4.20
linux linux_kernel 2.5.66
linux linux_kernel 2.0.20
linux linux_kernel 2.6.11.5
linux linux_kernel 2.0.11
linux linux_kernel 2.5.43
linux linux_kernel 2.5.0
linux linux_kernel 2.5.51
linux linux_kernel 2.3.0
linux linux_kernel 2.0.21
linux linux_kernel 2.4.30
vserver linux-vserver 1.21
linux linux_kernel 2.2.20
linux linux_kernel 2.4.17
linux linux_kernel 2.5.28
linux linux_kernel 2.2.14
linux linux_kernel 2.4.23_ow2
linux linux_kernel 2.2.16
linux linux_kernel 2.5.68
linux linux_kernel 2.2.27
linux linux_kernel 2.4.13
linux linux_kernel 2.5.45
linux linux_kernel 2.6.6
linux linux_kernel 2.5.13
linux linux_kernel 2.4.31
linux linux_kernel 2.5.10
linux linux_kernel 2.6.11.4
linux linux_kernel 2.4.14
linux linux_kernel 2.2.15
linux linux_kernel 2.5.34
linux linux_kernel 2.6.3
linux linux_kernel 2.0.34
linux linux_kernel 2.6.11.8
linux linux_kernel 2.4.21
linux linux_kernel 2.5.44
linux linux_kernel 2.5.11
linux linux_kernel 2.4.10
linux linux_kernel 2.5.59
linux linux_kernel 2.5.4
linux linux_kernel 2.5.17
linux linux_kernel 2.4.29
linux linux_kernel 2.0.33
linux linux_kernel 2.0.7
linux linux_kernel 2.4.27
linux linux_kernel 2.5.1
linux linux_kernel 2.4.11
linux linux_kernel 2.2.23
linux linux_kernel 2.5.60
linux linux_kernel 2.5.8
linux linux_kernel 2.0.5
linux linux_kernel 2.5.6
linux linux_kernel 2.6.10
linux linux_kernel 2.5.20
linux linux_kernel 2.5.22
vserver linux-vserver 1.22
linux linux_kernel 2.2.1
linux linux_kernel 2.5.26
linux linux_kernel 2.4.15
linux linux_kernel 2.2.24
linux linux_kernel 2.6.11
linux linux_kernel 2.5.42
linux linux_kernel 2.5.55
linux linux_kernel 2.2.2
linux linux_kernel 2.5.47
linux linux_kernel 2.5.40
linux linux_kernel 2.6.5
linux linux_kernel 2.5.65
linux linux_kernel 2.0.2
linux linux_kernel 2.0.32
linux linux_kernel 2.6.7
linux linux_kernel 2.2.4
linux linux_kernel 2.4.2
linux linux_kernel 2.5.29
linux linux_kernel 2.6.11.2
linux linux_kernel 2.2.13
linux linux_kernel 2.5.3
linux linux_kernel 2.5.14
vserver linux-vserver 1.20
linux linux_kernel 2.0.28
linux linux_kernel 2.5.36
linux linux_kernel 2.2.25
linux linux_kernel 2.5.12
linux linux_kernel 2.5.30
linux linux_kernel 2.5.2
linux linux_kernel 2.5.16
linux linux_kernel 2.5.56
linux linux_kernel 2.5.5
linux linux_kernel 2.2.8
linux linux_kernel 2.2.19
linux linux_kernel 2.0.22
linux linux_kernel 2.2.11
linux linux_kernel 2.5.58
netkit linux_netkit 0.17.17
linux linux_kernel 2.5.38
linux linux_kernel 2.0.6
linux linux_kernel 2.2.5
linux linux_kernel 2.0.17
linux linux_kernel 2.0.26
linux linux_kernel 2.2.0
linux linux_kernel 2.4.23
linux linux_kernel 2.5.7
linux linux_kernel 2.0.39
linux linux_kernel 2.0.13
linux linux_kernel 2.5.54
linux linux_kernel 2.4.26
linux linux_kernel 2.0.12
linux linux_kernel 2.4.22
linux linux_kernel 2.4.4
linux linux_kernel 2.5.18
linux linux_kernel 2.4.25
linux linux_kernel 2.5.52
linux linux_kernel 2.0.19
linux linux_kernel 2.0.9.9
linux linux_kernel 2.4.16
linux linux_kernel 2.2.3
linux linux_kernel 2.6.11.3
linux linux_kernel 2.6.20.1
linux linux_kernel 2.6.11.6
linux linux_kernel 2.4.0
linux linux_kernel 2.0.38
linux linux_kernel 2.5.24
vserver linux-vserver 1.24
linux linux_kernel 2.6.8
linux linux_kernel 2.5.15
linux linux_kernel 2.5.37
linux linux_kernel 2.2.10
linux linux_kernel 2.0.27
linux linux_kernel 2.5.69
linux linux_kernel 2.4.24
linux linux_kernel 2.5.62
linux linux_kernel 2.5.57
linux linux_kernel 2.0.3
vserver linux-vserver 1.23
linux linux_kernel 2.0.15
linux linux_kernel 2.5.27
linux linux_kernel 2.3.99
linux linux_kernel 2.2.18
linux linux_kernel 2.0.37
linux linux_kernel 2.4.7
linux linux_kernel 2.2.9
linux linux_kernel 2.6.1
linux linux_kernel 2.6.0
linux linux_kernel 2.5.39
linux linux_kernel 2.2.12
linux linux_kernel 2.5.63
linux linux_kernel 2.5.64
linux linux_kernel 2.6_test9_cvs
linux linux_kernel 2.0.10
linux linux_kernel 2.4.8
linux linux_kernel 2.5.32
linux linux_kernel 2.4.18
linux linux_kernel 2.5.50
linux linux_kernel 2.6.2
CVE-2005-4418 HIGH

util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vserver util-vserver 0
vserver util-vserver 0.30.209
CVE-2006-1656 HIGH

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
vserver util-vserver 0.30.209
vserver util-vserver *