CVE-2011-1022
N/A
N/A
Summary
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://openwall.com/lists/oss-security/2011/02/25/11
- http://secunia.com/advisories/43758
- http://secunia.com/advisories/44093
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
- http://www.securitytracker.com/id?1025157
- http://www.securityfocus.com/bid/46578
- http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
- http://secunia.com/advisories/43891
- http://www.debian.org/security/2011/dsa-2193
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
- http://www.vupen.com/english/advisories/2011/0679
- http://www.vupen.com/english/advisories/2011/0774
- http://sourceforge.net/mailarchive/message.php?msg_id=26598749
- http://openwall.com/lists/oss-security/2011/02/25/14
- https://bugzilla.redhat.com/show_bug.cgi?id=680409
- http://www.redhat.com/support/errata/RHSA-2011-0320.html
- http://openwall.com/lists/oss-security/2011/02/25/12
- http://secunia.com/advisories/43611
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
- http://openwall.com/lists/oss-security/2011/02/25/6
- http://openwall.com/lists/oss-security/2011/02/25/9
- http://sourceforge.net/mailarchive/message.php?msg_id=27102603
References
- http://openwall.com/lists/oss-security/2011/02/25/11
- http://secunia.com/advisories/43758
- http://secunia.com/advisories/44093
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
- http://www.securitytracker.com/id?1025157
- http://www.securityfocus.com/bid/46578
- http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
- http://secunia.com/advisories/43891
- http://www.debian.org/security/2011/dsa-2193
- http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
- http://www.vupen.com/english/advisories/2011/0679
- http://www.vupen.com/english/advisories/2011/0774
- http://sourceforge.net/mailarchive/message.php?msg_id=26598749
- http://openwall.com/lists/oss-security/2011/02/25/14
- https://bugzilla.redhat.com/show_bug.cgi?id=680409
- http://www.redhat.com/support/errata/RHSA-2011-0320.html
- http://openwall.com/lists/oss-security/2011/02/25/12
- http://secunia.com/advisories/43611
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
- http://openwall.com/lists/oss-security/2011/02/25/6
- http://openwall.com/lists/oss-security/2011/02/25/9
- http://sourceforge.net/mailarchive/message.php?msg_id=27102603
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.