[Forgot Password]
Login  Register Subscribe

23631

 
 

126941

 
 

98250

 
 

909

 
 

79281

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-1006

Date: (C)2011-03-22   (M)2017-11-18 


Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVSS Score: 7.2Access Vector: LOCAL
Exploit Score: 3.9Access Complexity: LOW
Impact Score: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE





Reference:
SECTRACK-1025158
SECUNIA-43611
SECUNIA-43758
SECUNIA-43891
SECUNIA-44093
BID-46729
ADV-2011-0679
ADV-2011-0774
DSA-2193
FEDORA-2011-2631
FEDORA-2011-2638
RHSA-2011:0320
http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg;a=commit;h=5ae8aea1ecd60c439121d3329d8eaabf13d292c1
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
https://bugzilla.redhat.com/show_bug.cgi?id=678107
openSUSE-SU-2011:0316

CWE    1
CWE-119
OVAL    5
oval:org.secpod.oval:def:103140
oval:org.secpod.oval:def:101333
oval:org.secpod.oval:def:103101
oval:org.secpod.oval:def:500213
...

© 2013 SecPod Technologies