[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2011-1006Date: (C)2011-03-22   (M)2023-12-22


Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1025158
SECUNIA-43611
SECUNIA-43758
SECUNIA-43891
SECUNIA-44093
BID-46729
ADV-2011-0679
ADV-2011-0774
DSA-2193
FEDORA-2011-2631
FEDORA-2011-2638
RHSA-2011:0320
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg%3Ba=commit%3Bh=5ae8aea1ecd60c439121d3329d8eaabf13d292c1
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
https://bugzilla.redhat.com/show_bug.cgi?id=678107
openSUSE-SU-2011:0316

CPE    1
cpe:/a:balbir_singh:libcgroup
CWE    1
CWE-119
OVAL    6
oval:org.secpod.oval:def:103140
oval:org.secpod.oval:def:600212
oval:org.secpod.oval:def:103101
oval:org.secpod.oval:def:500213
...

© SecPod Technologies