CVE-2011-1022 : The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library

The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 does not verify that netlink messages originated in the kernel, which allows local users to bypass intended resource restrictions via a crafted message.

Published 2011-03-22 17:55:02

Updated 2011-09-07 03:15:16

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-1022

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-1022

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-1022

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1022

http://openwall.com/lists/oss-security/2011/02/25/14

oss-security - Re: CVE request: libcgroup: Failure to verify netlink messages
http://www.securityfocus.com/bid/46578

libcgroup 'cgrulesengd' Daemon Netlink Messages Event Spoofing Vulnerability
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html

[SECURITY] Fedora 15 Update: libcgroup-0.37.1-1.fc15

CVEs referencing this url
http://openwall.com/lists/oss-security/2011/02/25/9

oss-security - Re: CVE request: libcgroup: Failure to verify netlink messages
Patch
http://www.vupen.com/english/advisories/2011/0679

Webmail | OVH- OVH
Vendor Advisory

CVEs referencing this url
http://openwall.com/lists/oss-security/2011/02/25/11

oss-security - Re: CVE request: libcgroup: Failure to verify netlink messages
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html

[SECURITY] Fedora 14 Update: libcgroup-0.36.2-6.fc14

CVEs referencing this url
http://sourceforge.net/mailarchive/message.php?msg_id=27102603

Control Group Configuration / [Libcg-devel] [PATCH 2/2] cgrulesengd: Ignore netlink messages that don't come from the kernel.
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=680409

680409 – (CVE-2011-1022) CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages
Patch
http://openwall.com/lists/oss-security/2011/02/25/12

oss-security - Re: CVE request: libcgroup: Failure to verify netlink messages
Patch
http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download

Download Control Group Configuration from SourceForge.net
Patch

CVEs referencing this url
http://openwall.com/lists/oss-security/2011/02/25/6

oss-security - CVE request: libcgroup: Failure to verify netlink messages
Patch
http://www.debian.org/security/2011/dsa-2193

Debian -- Security Information -- DSA-2193-1 libcgroup

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2011-0320.html

Support

CVEs referencing this url
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987

#615987 - CVE-2011-1022 - Debian Bug report logs
Patch
http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html

openSUSE-SU-2011:0316-1 (important): libcgroup1: Fixed heap-based buffer

CVEs referencing this url
http://sourceforge.net/mailarchive/message.php?msg_id=26598749

Control Group Configuration / [Libcg-devel] Fwd: libcgroup netlink
Patch
http://www.securitytracker.com/id?1025157

libcgroup Lets Local Users Spoof NETLINK Messages - SecurityTracker
http://www.vupen.com/english/advisories/2011/0774

Webmail | OVH- OVH

CVEs referencing this url

Products affected by CVE-2011-1022

Balbir Singh » Libcgroup
Versions up to, including, (<=) 0.37
cpe:2.3:a:balbir_singh:libcgroup:*:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.37 Update RC1
cpe:2.3:a:balbir_singh:libcgroup:0.37:rc1:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.36.2
cpe:2.3:a:balbir_singh:libcgroup:0.36.2:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.36.1
cpe:2.3:a:balbir_singh:libcgroup:0.36.1:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.32.1
cpe:2.3:a:balbir_singh:libcgroup:0.32.1:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.32
cpe:2.3:a:balbir_singh:libcgroup:0.32:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.35
cpe:2.3:a:balbir_singh:libcgroup:0.35:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.34
cpe:2.3:a:balbir_singh:libcgroup:0.34:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.2
cpe:2.3:a:balbir_singh:libcgroup:0.2:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.1c
cpe:2.3:a:balbir_singh:libcgroup:0.1c:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.36
cpe:2.3:a:balbir_singh:libcgroup:0.36:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.35.1
cpe:2.3:a:balbir_singh:libcgroup:0.35.1:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.31
cpe:2.3:a:balbir_singh:libcgroup:0.31:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.3
cpe:2.3:a:balbir_singh:libcgroup:0.3:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.33
cpe:2.3:a:balbir_singh:libcgroup:0.33:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.32.2
cpe:2.3:a:balbir_singh:libcgroup:0.32.2:*:*:*:*:*:*:*
Matching versions
Balbir Singh » Libcgroup » Version: 0.1b
cpe:2.3:a:balbir_singh:libcgroup:0.1b:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-1022

Exploit prediction scoring system (EPSS) score for CVE-2011-1022

CVSS scores for CVE-2011-1022

CWE ids for CVE-2011-1022

References for CVE-2011-1022

Products affected by CVE-2011-1022