CVE-2011-1022

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/46578
https://bugzilla.redhat.com/show_bug.cgi?id=680409	Patch
http://openwall.com/lists/oss-security/2011/02/25/11	Patch
http://www.debian.org/security/2011/dsa-2193
http://openwall.com/lists/oss-security/2011/02/25/12	Patch
http://sourceforge.net/mailarchive/message.php?msg_id=27102603	Patch
http://secunia.com/advisories/43611	Vendor Advisory
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download	Patch
http://www.redhat.com/support/errata/RHSA-2011-0320.html
http://openwall.com/lists/oss-security/2011/02/25/6	Patch
http://openwall.com/lists/oss-security/2011/02/25/9	Patch
http://secunia.com/advisories/43758	Vendor Advisory
http://openwall.com/lists/oss-security/2011/02/25/14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987	Patch
http://sourceforge.net/mailarchive/message.php?msg_id=26598749	Patch
http://www.vupen.com/english/advisories/2011/0679	Vendor Advisory
http://www.vupen.com/english/advisories/2011/0774
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
http://secunia.com/advisories/43891
http://secunia.com/advisories/44093
http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
http://www.securitytracker.com/id?1025157

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:balbir_singh:libcgroup::::::::
	cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1::::::
	cpe:2.3:a:balbir_singh:libcgroup:0.33:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.32.2:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.36:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.35.1:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.3:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.2:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.36.2:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.36.1:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.32.1:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.1c:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.31:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.35:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.34:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.32:::::::*
	cpe:2.3:a:balbir_singh:libcgroup:0.1b:::::::*

Information

Published : 2011-03-22 10:55

Updated : 2011-09-06 20:15

NVD link : CVE-2011-1022

Mitre link : CVE-2011-1022

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

balbir_singh

libcgroup

2.1 /10