
CVE-2011-1022
Date: (C)2011-03-22   (M)2023-12-22


The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECTRACK-1025157
SECUNIA-43611
SECUNIA-43758
SECUNIA-43891
SECUNIA-44093
BID-46578
ADV-2011-0679
ADV-2011-0774
DSA-2193
FEDORA-2011-2631
FEDORA-2011-2638
RHSA-2011:0320
http://sourceforge.net/mailarchive/message.php?msg_id=26598749
http://sourceforge.net/mailarchive/message.php?msg_id=27102603
http://openwall.com/lists/oss-security/2011/02/25/6
http://openwall.com/lists/oss-security/2011/02/25/14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
https://bugzilla.redhat.com/show_bug.cgi?id=680409
openSUSE-SU-2011:0316

CPE    1
cpe:/a:balbir_singh:libcgroup
CWE    1
CWE-264
OVAL    6
oval:org.secpod.oval:def:103140
oval:org.secpod.oval:def:600212
oval:org.secpod.oval:def:103101
oval:org.secpod.oval:def:500213
...

© SecPod Technologies