MiracleLinux 7 : libcgroup-0.41-21.el7 (AXSA:2019-4180:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4180:01 advisory. libcgroup: cgrulesengd creates log files with insecure permissions CVE-2018-14348 Tenable has extracted the preceding description block directly from the...

SUSE CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

RHEL 7 : libcgroup (RHSA-2019:2047)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2047 advisory. The libcgroup packages provide tools and libraries to control and monitor control groups. Security Fixes: libcgroup: cgrulesengd creates log files wi...

libcgroup: cgrulesengd creates log files with insecure permissions

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...

Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

MGASA-2018-0380 Updated libcgroup packages fix security vulnerability

The cgrulesengd daemon cgred in libcgroup through version 0.41 creates log files /var/log/cgred with world readable and writable permissions 0o666 due to a reset of the file mode creation mask umask0 in the daemon/cgrulesengd.c:cgrestartdaemon function CVE-2018-14348...

Debian: Security Advisory (DLA-1472-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : libcgroup-devel (openSUSE-SU-2011:0316-1)

Two security bugfixes in libcgroup1 were done : libcgroup suffered from a heap based buffer overflow CVE-2011-1006. The cgrulesengd daemon did not verify the origin of netlink messages, allowing local users to spoof events CVE-2011-1022. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

SuSE 11.1 Security Update : libcgroup (SAT Patch Number 4081)

The following bugs have been fixed : - libcgroup suffered from a heap-based buffer overflow. CVE-2011-1006 - The cgrulesengd daemon did not verify the origin of netlink messages, allowing local users to spoof events. CVE-2011-1022 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...

DEBIAN-CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

UBUNTU-CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

Design/Logic Flaw

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

CVE-2011-1022

CVE-2011-1022 affects the libcgroup (libcg) cgrulesengd component. It arises from the cgrulesengd.c function cgre_receive_netlink_msg not validating that Netlink messages originate from the kernel, allowing a local attacker to bypass resource restrictions via a crafted Netlink message. Public det...

CVE-2011-1022

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...

libcgroup: Uncheck origin of NETLINK messages

The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...