CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2018-14348 – libcgroup: cgrulesengd creates log files with insecure permissions
https://notcve.org/view.php?id=CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information. libcgroup hasta el incluyendo la versión 0.41 crea /var/log/cgred con el modo 0666 independientemente del umask configurado, lo que conduce a una fuga de información. • http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00023.html https://access.redhat.com/errata/RHSA-2019:2047 https://bugzilla.suse.com/show_bug.cgi?id=1100365 https://lists.debian.org/debian-lts-announce/2018/08/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3VH333EONOEEGKOLHHFXCJYHCYMHJ4KK https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590 https://access.redhat.com/security/cve/CVE-2018-14348 https://bug • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1006 – libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
https://notcve.org/view.php?id=CVE-2011-1006
Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. Desbordamiento de buffer de memoria dinámica en la función parse_cgroup_spec de tools/tools-common.c de la librería "Control Group Configuration" (libcgroup o libcg) en versiones anteriores a la 0.37.1. Permite a usuarios locales escalar privilegios a través de una lista de controladores modificada en la línea de comandos de un aplicación. NOTA: no está claro si este problema traspasa las restricciones de privilegios. • http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg%3Ba=commit%3Bh=5ae8aea1ecd60c439121d3329d8eaabf13d292c1 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html http://secunia.com/advisories/43611 http://secunia.com/advisories/43758 http://secunia.com/advisories/43891 http://secunia.com/advisories/44093 http://sourceforge.net& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 3.3EPSS: 0%CPEs: 17EXPL: 0CVE-2011-1022 – libcgroup: Uncheck origin of NETLINK messages
https://notcve.org/view.php?id=CVE-2011-1022
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message. La función cgre_receive_netlink_msg en daemon/cgrulesengd.c en cgrulesengd en Control Group Configuration Library (también conocido como libcgroup or libcg) anteriores a v0.37.1 no verifica que los mensajes netlink se originen en el núcleo, lo que permite a usuarios locales eludir las restricciones de acceso a recursos a través de un mensaje manipulado. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html http://openwall.com/lists/oss-security/2011/02/25/11 http://openwall.com/lists/oss-security/2011/02/25/12 http://openwall.com/lists/oss-security/2011/02/25/14 http://openwall.com/lists/oss-securit • CWE-264: Permissions, Privileges, and Access Controls •