Home

CVE-2011-1006

Description

Heap-based buffer overflow in the parse_cgroup_spec function in tools/tools-common.c in the Control Group Configuration Library (aka libcgroup or libcg) before 0.37.1 allows local users to gain privileges via a crafted controller list on the command line of an application. NOTE: it is not clear whether this issue crosses privilege boundaries.

Risk Information

Base Score
8.4
MODERATE
Vector
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.129

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2011:0320) Important: libcgroup security update libcgroup-0.36.1-6.el6_0.1.i686.rpmLinux
(RHSA-2011:0320) Important: libcgroup security update libcgroup-0.36.1-6.el6_0.1.x86_64.rpmLinux
(RHSA-2011:0320) Important: libcgroup security update libcgroup-devel-0.36.1-6.el6_0.1.i686.rpmLinux
(RHSA-2011:0320) Important: libcgroup security update libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpmLinux
(RHSA-2011:0320) Important: libcgroup security update libcgroup-pam-0.36.1-6.el6_0.1.i686.rpmLinux
(RHSA-2011:0320) Important: libcgroup security update libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234