2.1

CVE-2011-1022

EPSS 0.04%
Veröffentlicht 22.03.2011 17:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 26

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Balbir Singh ≫ Libcgroup Version <= 0.37

Balbir Singh ≫ Libcgroup Version0.1b

Balbir Singh ≫ Libcgroup Version0.1c

Balbir Singh ≫ Libcgroup Version0.2

Balbir Singh ≫ Libcgroup Version0.3

Balbir Singh ≫ Libcgroup Version0.31

Balbir Singh ≫ Libcgroup Version0.32

Balbir Singh ≫ Libcgroup Version0.32.1

Balbir Singh ≫ Libcgroup Version0.32.2

Balbir Singh ≫ Libcgroup Version0.33

Balbir Singh ≫ Libcgroup Version0.34

Balbir Singh ≫ Libcgroup Version0.35

Balbir Singh ≫ Libcgroup Version0.35.1

Balbir Singh ≫ Libcgroup Version0.36

Balbir Singh ≫ Libcgroup Version0.36.1

Balbir Singh ≫ Libcgroup Version0.36.2

Balbir Singh ≫ Libcgroup Version0.37 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.128

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:P/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html

http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html

http://secunia.com/advisories/43611

Vendor Advisory

http://secunia.com/advisories/43758

Vendor Advisory

http://secunia.com/advisories/43891

http://secunia.com/advisories/44093

http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download

Patch

http://www.debian.org/security/2011/dsa-2193

http://www.redhat.com/support/errata/RHSA-2011-0320.html

http://www.vupen.com/english/advisories/2011/0679

Vendor Advisory

http://www.vupen.com/english/advisories/2011/0774

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987

Patch

http://openwall.com/lists/oss-security/2011/02/25/11

Patch

http://openwall.com/lists/oss-security/2011/02/25/12

Patch

http://openwall.com/lists/oss-security/2011/02/25/14

http://openwall.com/lists/oss-security/2011/02/25/6

Patch

http://openwall.com/lists/oss-security/2011/02/25/9

Patch

http://sourceforge.net/mailarchive/message.php?msg_id=26598749

Patch

http://sourceforge.net/mailarchive/message.php?msg_id=27102603

Patch

http://www.securityfocus.com/bid/46578

http://www.securitytracker.com/id?1025157

https://bugzilla.redhat.com/show_bug.cgi?id=680409

Patch

https://nvd.nist.gov/vuln/detail/CVE-2011-1022

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1022

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1022

EUVD