CVE-2011-1006

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

Details Source

Mitre

Public Date

2011-03-03 00:00:00

Impact

Important

Bugzilla

CVE-2011-1006 libcgroup: Heap-based buffer overflow by converting list of controllers for given task into an array of strings

Bugzilla ID

678107

CVSS Status

verified

Base Score

7.20

Base Metrics

AV:L/AC:L/Au:N/C:C/I:C/A:C

Acknowledgements

Red Hat would like to thank Nelson Elhage for reporting this issue.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat Enterprise Linux 6 (libcgroup) | RHSA-2011:0320 | 2011-03-03

CWE

CWE-122