The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Balbir Singh
  • Libcgroup

Configuration 1 [-]

OR cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:*
cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:*
References
Link Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987 Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
http://openwall.com/lists/oss-security/2011/02/25/11 Patch
http://openwall.com/lists/oss-security/2011/02/25/12 Patch
http://openwall.com/lists/oss-security/2011/02/25/14
http://openwall.com/lists/oss-security/2011/02/25/6 Patch
http://openwall.com/lists/oss-security/2011/02/25/9 Patch
http://secunia.com/advisories/43611 Vendor Advisory
http://secunia.com/advisories/43758 Vendor Advisory
http://secunia.com/advisories/43891
http://secunia.com/advisories/44093
http://sourceforge.net/mailarchive/message.php?msg_id=26598749 Patch
http://sourceforge.net/mailarchive/message.php?msg_id=27102603 Patch
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download Patch
http://www.debian.org/security/2011/dsa-2193
http://www.redhat.com/support/errata/RHSA-2011-0320.html
http://www.securityfocus.com/bid/46578
http://www.securitytracker.com/id?1025157
http://www.vupen.com/english/advisories/2011/0679 Vendor Advisory
http://www.vupen.com/english/advisories/2011/0774
https://bugzilla.redhat.com/show_bug.cgi?id=680409 Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2011-03-22T17:00:00

Updated: 2011-04-09T09:00:00

Reserved: 2011-02-14T00:00:00

Link: CVE-2011-1022

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2011-03-22T17:55:01.987

Modified: 2011-09-07T03:15:15.597

Link: CVE-2011-1022

JSON object: View

cve-icon Redhat Information

No data.

CWE