Submitted by Vincent (CVE) Danen on Fri, 09/18/2015 - 08:00
Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.
CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat Security Errata
| Red Hat Enterprise Linux 6 (libcgroup) | RHSA-2011:0320 | 2011-03-03 |
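
The class of bug described above, converting a user-supplied controller list into an array of strings, is avoided by checking the array capacity before every store. The following C sketch is an added example, not libcgroup's code or its patch; the struct, the function names, the comma separator and the capacity `MAX_CONTROLLERS` are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CONTROLLERS 4            /* assumed capacity, illustration only */

struct spec {                        /* hypothetical stand-in for the real type */
    char *controllers[MAX_CONTROLLERS];
    size_t count;
};

/* Release every string stored so far and reset the spec. */
static void spec_free(struct spec *s)
{
    for (size_t i = 0; i < s->count; i++)
        free(s->controllers[i]);
    s->count = 0;
}

/* Split "cpu,memory,..." into s->controllers.
 * Returns 0 on success; -1 on empty input, an empty name, more names
 * than the array holds, or allocation failure (nothing is left stored). */
static int split_controllers(const char *list, struct spec *s)
{
    s->count = 0;
    if (list == NULL || *list == '\0')
        return -1;
    for (const char *p = list;;) {
        const char *end = strchr(p, ',');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        /* The capacity check comes BEFORE the store: this is the step
         * whose absence turns a long list into a heap overflow. */
        char *name = (len && s->count < MAX_CONTROLLERS) ? malloc(len + 1) : NULL;
        if (name == NULL) { spec_free(s); return -1; }
        memcpy(name, p, len);
        name[len] = '\0';
        s->controllers[s->count++] = name;
        if (end == NULL)
            return 0;
        p = end + 1;
    }
}

int main(void)
{
    struct spec s;
    const char *inputs[] = { "cpu,memory", "a,b,c,d,e" };  /* constructed samples */
    for (size_t i = 0; i < 2; i++)
        printf("%-12s -> %d\n", inputs[i], split_controllers(inputs[i], &s));
    return 0;
}
```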