123 matches found
Fedora 15 : libcgroup-0.37.1-1.fc15 (2011-2638)
Two security bugs were fixed in this release : - CVE-2011-1006: Heap-based buffer overflow by converting list of controllers for given task into an array of strings - CVE-2011-1022: Unchecked origin of NETLINK messages Note that Tenable Network Security has extracted the preceding description blo...
Fedora 14 : libcgroup-0.36.2-6.fc14 (2011-2631)
Two security bugs were fixed in this release : - CVE-2011-1006: Heap-based buffer overflow by converting list of controllers for given task into an array of strings - CVE-2011-1022: Unchecked origin of NETLINK messages Note that Tenable Network Security has extracted the preceding description blo...
[SECURITY] Fedora 15 Update: libcgroup-0.37.1-1.fc15
Control groups infrastructure. The tools and library help manipulate, contr ol, administrate and monitor control groups and the associated controllers...
libcgroup security vulnerabilities
Buffer overflow, privilege escalation...
[SECURITY] [DSA 2193-1] libcgroup security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2193-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 16, 2011 http://www.debian.org/security/faq -...
CVE-2011-1006
Heap-based buffer overflow in the parsecgroupspec function in tools/tools-common.c in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear wheth...
CVE-2011-1022
The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...
DEBIAN-CVE-2011-1022
The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...
CVE-2011-1006
Heap-based buffer overflow in the parsecgroupspec function in tools/tools-common.c in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear wheth...
UBUNTU-CVE-2011-1006
Heap-based buffer overflow in the parsecgroupspec function in tools/tools-common.c in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear wheth...
CVE-2011-1006
CVE-2011-1006 refers to a heap-based buffer overflow in libcgroup/libcg, specifically in parse_cgroup_spec() within tools/tools-common.c. The flaw arises when parsing a crafted list of controllers on the command line, which could allow local users to gain privileges. The vulnerability is linked t...
CVE-2011-1022
The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...
CVE-2011-1022
CVE-2011-1022 affects the libcgroup (libcg) cgrulesengd component. It arises from the cgrulesengd.c function cgre_receive_netlink_msg not validating that Netlink messages originate from the kernel, allowing a local attacker to bypass resource restrictions via a crafted Netlink message. Public det...
CVE-2011-1022
The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...
Debian DSA-2193-1 : libcgroup - several vulnerabilities
Several issues have been discovered in libcgroup, a library to control and monitor control groups : - CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. - CVE-2011-1022 libcgrou...
[SECURITY] [DSA 2193-1] libcgroup security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2193-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 16, 2011 http://www.debian.org/security/faq -...
DSA-2193-1 libcgroup - several
Bulletin has no description...
RHEL 6 : libcgroup (RHSA-2011:0320)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0320 advisory. The libcgroup packages provide tools and libraries to control and monitor control groups. A heap-based buffer overflow flaw was found in the...
libcgroup: Uncheck origin of NETLINK messages
The cgrereceivenetlinkmsg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library aka libcgroup or libcg before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted...
Important: Red Hat Security Advisory: libcgroup security update
Updated libcgroup packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...