CVE-2011-1022

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

Affected Software

Name	Vendor	Start Version	End Version
Libcgroup	Balbir_singh	*	0.37 (including)
Libcgroup	Balbir_singh	0.1b (including)	0.1b (including)
Libcgroup	Balbir_singh	0.1c (including)	0.1c (including)
Libcgroup	Balbir_singh	0.2 (including)	0.2 (including)
Libcgroup	Balbir_singh	0.3 (including)	0.3 (including)
Libcgroup	Balbir_singh	0.31 (including)	0.31 (including)
Libcgroup	Balbir_singh	0.32 (including)	0.32 (including)
Libcgroup	Balbir_singh	0.32.1 (including)	0.32.1 (including)
Libcgroup	Balbir_singh	0.32.2 (including)	0.32.2 (including)
Libcgroup	Balbir_singh	0.33 (including)	0.33 (including)
Libcgroup	Balbir_singh	0.34 (including)	0.34 (including)
Libcgroup	Balbir_singh	0.35 (including)	0.35 (including)
Libcgroup	Balbir_singh	0.35.1 (including)	0.35.1 (including)
Libcgroup	Balbir_singh	0.36 (including)	0.36 (including)
Libcgroup	Balbir_singh	0.36.1 (including)	0.36.1 (including)
Libcgroup	Balbir_singh	0.36.2 (including)	0.36.2 (including)
Libcgroup	Balbir_singh	0.37-rc1 (including)	0.37-rc1 (including)
Red Hat Enterprise Linux 6	RedHat	libcgroup-0:0.36.1-6.el6_0.1	*
Libcgroup	Ubuntu	artful	*
Libcgroup	Ubuntu	karmic	*
Libcgroup	Ubuntu	lucid	*
Libcgroup	Ubuntu	maverick	*
Libcgroup	Ubuntu	natty	*
Libcgroup	Ubuntu	oneiric	*
Libcgroup	Ubuntu	precise	*
Libcgroup	Ubuntu	quantal	*
Libcgroup	Ubuntu	raring	*
Libcgroup	Ubuntu	saucy	*
Libcgroup	Ubuntu	upstream	*
Libcgroup	Ubuntu	utopic	*
Libcgroup	Ubuntu	vivid	*
Libcgroup	Ubuntu	wily	*
Libcgroup	Ubuntu	yakkety	*
Libcgroup	Ubuntu	zesty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-1022
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References