CVE-2011-1022
libcgroup: Uncheck origin of NETLINK messages
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.
La función cgre_receive_netlink_msg en daemon/cgrulesengd.c en cgrulesengd en Control Group Configuration Library (también conocido como libcgroup or libcg) anteriores a v0.37.1 no verifica que los mensajes netlink se originen en el núcleo, lo que permite a usuarios locales eludir las restricciones de acceso a recursos a través de un mensaje manipulado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-02-14 CVE Reserved
- 2011-03-17 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://openwall.com/lists/oss-security/2011/02/25/14 | Mailing List | |
| http://secunia.com/advisories/43891 | Third Party Advisory | |
| http://secunia.com/advisories/44093 | Third Party Advisory | |
| http://www.securityfocus.com/bid/46578 | Vdb Entry | |
| http://www.securitytracker.com/id?1025157 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2011/0774 | Vdb Entry |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | <= 0.37 Search vendor "Balbir Singh" for product "Libcgroup" and version " <= 0.37" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.1b Search vendor "Balbir Singh" for product "Libcgroup" and version "0.1b" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.1c Search vendor "Balbir Singh" for product "Libcgroup" and version "0.1c" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.2 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.2" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.3 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.3" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.31 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.31" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.32 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.32" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.32.1 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.32.1" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.32.2 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.32.2" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.33 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.33" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.34 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.34" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.35 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.35" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.35.1 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.35.1" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.36 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.36" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.36.1 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.36.1" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.36.2 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.36.2" | - |
Affected
| ||||||
| Balbir Singh Search vendor "Balbir Singh" | Libcgroup Search vendor "Balbir Singh" for product "Libcgroup" | 0.37 Search vendor "Balbir Singh" for product "Libcgroup" and version "0.37" | rc1 |
Affected
| ||||||