CVE-2011-1006

CVSS V2 High 7.2 CVSS V3 None
Description
Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.
Overview
  • CVE ID
  • CVE-2011-1006
  • Assigner
  • secalert@redhat.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2011-03-22T17:55:01
  • Last Modified Date
  • 2023-02-13T01:18:41
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:* 1 OR 0.37
cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 11:00:42 Added to TrackCVE
2023-02-02 15:03:04 2023-02-02T14:15:44 CVE Modified Date updated
2023-02-02 15:03:05 Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings Description updated
2023-02-13 03:03:46 2023-02-13T01:18:41 CVE Modified Date updated
2023-02-13 03:03:46 CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries. Description updated