CVE-2011-1022

Sažetak

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
http://openwall.com/lists/oss-security/2011/02/25/11
http://openwall.com/lists/oss-security/2011/02/25/12
http://openwall.com/lists/oss-security/2011/02/25/14
http://openwall.com/lists/oss-security/2011/02/25/6
http://openwall.com/lists/oss-security/2011/02/25/9
http://secunia.com/advisories/43611
http://secunia.com/advisories/43758
http://secunia.com/advisories/43891
http://secunia.com/advisories/44093
http://sourceforge.net/mailarchive/message.php?msg_id=26598749
http://sourceforge.net/mailarchive/message.php?msg_id=27102603
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download
http://www.debian.org/security/2011/dsa-2193
http://www.redhat.com/support/errata/RHSA-2011-0320.html
http://www.securityfocus.com/bid/46578
http://www.securitytracker.com/id?1025157
http://www.vupen.com/english/advisories/2011/0679
http://www.vupen.com/english/advisories/2011/0774
https://bugzilla.redhat.com/show_bug.cgi?id=680409

CVSS

Base:	2.1
Impact:	2.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-09-2011 - 03:15

Objavljeno

22-03-2011 - 17:55