[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2011-1006Date: (C)2011-03-22   (M)2018-06-11


Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 7.2
Exploit Score: Exploit Score: 3.9
Impact Score: Impact Score: 10.0
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: LOCAL
Attack Complexity: Access Complexity: LOW
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: COMPLETE
Scope: Integrity: COMPLETE
Confidentiality: Availability: COMPLETE
Integrity:  
Availability:  
  
Reference:
SECTRACK-1025158
SECUNIA-43611
SECUNIA-43758
SECUNIA-43891
SECUNIA-44093
BID-46729
ADV-2011-0679
ADV-2011-0774
DSA-2193
FEDORA-2011-2631
FEDORA-2011-2638
RHSA-2011:0320
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg;a=commit;h=5ae8aea1ecd60c439121d3329d8eaabf13d292c1
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
https://bugzilla.redhat.com/show_bug.cgi?id=678107
openSUSE-SU-2011:0316

CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:600212
oval:org.secpod.oval:def:101333
oval:org.secpod.oval:def:103101
oval:org.secpod.oval:def:103140
...

© SecPod Technologies