
Bug 372985

Summary: <dev-libs/libcgroup-0.38: intended resource restriction bypass (CVE-2011-{1006,1022})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: alexanderyt, andreis.vinogradovs, davidweb, dev-tools, jaak, nerdboy, proxy-maint
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: ~1 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 437856
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev 2011-06-25 13:00:32 UTC
CVE-2011-1022 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1022):
  The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in cgrulesengd
  in the Control Group Configuration Library (aka libcgroup or libcg) before
  0.37.1 does not verify that netlink messages originated in the kernel, which
  allows local users to bypass intended resource restrictions via a crafted
  message.


Please punt older versions.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-07-11 23:31:57 UTC
CVE-2011-1006 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1006):
  Heap-based buffer overflow in the parse_cgroup_spec function in
  tools/tools-common.c in the Control Group Configuration Library (aka
  libcgroup or libcg) before 0.37.1 allows local users to gain privileges via
  a crafted controller list on the command line of an application.  NOTE: it
  is not clear whether this issue crosses privilege boundaries.
Comment 2 Andreis Vinogradovs ( slepnoga ) 2012-05-28 10:50:23 UTC
New version available http://sourceforge.net/projects/libcg/files/libcgroup/v.038/
released 2012-02-20
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2012-05-28 11:07:07 UTC
*** Bug 417963 has been marked as a duplicate of this bug. ***
Comment 4 Jaak Ristioja 2012-08-09 19:48:08 UTC
Why is this taking so long?!
Comment 5 Maxim Koltsov (RETIRED) gentoo-dev 2012-11-26 18:46:32 UTC
Version 0.38 was added to tree, it does not have the vulnerability. Please clean old versions.
Comment 6 Andreis Vinogradovs ( slepnoga ) 2012-11-27 07:15:08 UTC
Due to #437856 being resolved, please drop the affected version from the tree.
Comment 7 Sergey Popov gentoo-dev 2012-11-27 07:46:41 UTC
+  27 Nov 2012; Sergey Popov <pinkbyte@gentoo.org> -libcgroup-0.37-r2.ebuild,
+  -files/libcgroup-0.37-wildcard-substitutions.patch:
+  Drop vulnerable versions, wrt bug #372985

Also, adding missing maintaining herd (proxy maintainers) to CC
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-27 12:02:51 UTC
Thanks, everyone.

Closing noglsa for ~arch only.