Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.2
CVE Id: CVE-2011-1006
Last Modified: 20 Apr 2011 10:33:16
Published: 22 Mar 2011 01:55:01
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2011-1006

Summary

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

Vulnerable Systems

Application

  • Balbir Singh Libcgroup 0.1b

  • Balbir Singh Libcgroup 0.1c

  • Balbir Singh Libcgroup 0.2

  • Balbir Singh Libcgroup 0.3

  • Balbir Singh Libcgroup 0.31

  • Balbir Singh Libcgroup 0.32

  • Balbir Singh Libcgroup 0.32.1

  • Balbir Singh Libcgroup 0.32.2

  • Balbir Singh Libcgroup 0.33

  • Balbir Singh Libcgroup 0.34

  • Balbir Singh Libcgroup 0.35

  • Balbir Singh Libcgroup 0.35.1

  • Balbir Singh Libcgroup 0.36

  • Balbir Singh Libcgroup 0.36.1

  • Balbir Singh Libcgroup 0.36.2

  • Balbir Singh Libcgroup 0.37


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=678107

CONFIRM - http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download

CONFIRM - http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg;a=commit;h=5ae8aea1ecd60c439121d3329d8eaabf13d292c1

VUPEN - ADV-2011-0774

VUPEN - ADV-2011-0679

SECTRACK - 1025158

BID - 46729

REDHAT - RHSA-2011:0320

DEBIAN - DSA-2193

SECUNIA - 44093

SECUNIA - 43891

SECUNIA - 43758

SECUNIA - 43611

SUSE - openSUSE-SU-2011:0316

FEDORA - FEDORA-2011-2638

FEDORA - FEDORA-2011-2631


Last Updated: 27 May 2016 10:56:07