CVE-2011-1006 – libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
https://notcve.org/view.php?id=CVE-2011-1006
Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.
• http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg%3Ba=commit%3Bh=5ae8aea1ecd60c439121d3329d8eaabf13d292c1
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
• http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
• http://secunia.com/advisories/43611
• http://secunia.com/advisories/43758
• http://secunia.com/advisories/43891
• http://secunia.com/advisories/44093
• http://sourceforge.net&
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2011-1022 – libcgroup: Unchecked origin of NETLINK messages
https://notcve.org/view.php?id=CVE-2011-1022
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html
• http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html
• http://openwall.com/lists/oss-security/2011/02/25/11
• http://openwall.com/lists/oss-security/2011/02/25/12
• http://openwall.com/lists/oss-security/2011/02/25/14
• http://openwall.com/lists/oss-securit
• CWE-264: Permissions, Privileges, and Access Controls