CVE-2004-2073 | Vulnerability Database | Aqua Security

Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.

Affected Software

Name	Vendor	Start Version	End Version
Linux-vserver	Vserver	1.20 (including)	1.20 (including)
Linux-vserver	Vserver	1.21 (including)	1.21 (including)
Linux-vserver	Vserver	1.22 (including)	1.22 (including)
Linux-vserver	Vserver	1.23 (including)	1.23 (including)
Linux-vserver	Vserver	1.24 (including)	1.24 (including)

References

http://secunia.com/advisories/10816
http://www.linux-vserver.org/index.php?page=ChangeLog
http://www.osvdb.org/3875
http://www.securityfocus.com/archive/1/353003
http://www.securityfocus.com/bid/9596
https://exchange.xforce.ibmcloud.com/vulnerabilities/15073
http://secunia.com/advisories/10816
http://www.linux-vserver.org/index.php?page=ChangeLog
http://www.osvdb.org/3875
http://www.securityfocus.com/archive/1/353003
http://www.securityfocus.com/bid/9596
https://exchange.xforce.ibmcloud.com/vulnerabilities/15073

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2073
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html