Description
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.
Affected products
- Debian / debian_linux3.0 – 3.0
- Debian / debian_linux3.1 – 3.1
- Debian / kernel-patch-vserver1.9.5.5