Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C
Vendors Products
Balbir Singh
  • Libcgroup

Configuration 1 [-]

OR cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:*
References
Link Resource
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg%3Ba=commit%3Bh=5ae8aea1ecd60c439121d3329d8eaabf13d292c1
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
http://secunia.com/advisories/43611 Vendor Advisory
http://secunia.com/advisories/43758 Vendor Advisory
http://secunia.com/advisories/43891
http://secunia.com/advisories/44093
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download Patch
http://www.debian.org/security/2011/dsa-2193
http://www.redhat.com/support/errata/RHSA-2011-0320.html
http://www.securityfocus.com/bid/46729
http://www.securitytracker.com/id?1025158
http://www.vupen.com/english/advisories/2011/0679 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0774
https://bugzilla.redhat.com/show_bug.cgi?id=678107 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-03-22T17:00:00

Updated: 2011-04-09T09:00:00

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1006

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-03-22T17:55:01.300

Modified: 2023-11-07T02:06:55.720

Link: CVE-2011-1006

JSON object: View

cve-icon Redhat Information

No data.

CWE