PT-2011-1039 · Linux+1 · Libcgroup-Debuginfo+4

Jan Lieskovsky · Published 2011-03-03 · Updated 2011-09-07 · CVE-2011-1022

CVSS v2.0: 7.2 (High)

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libcgroup versions prior to 0.37.1
libcgroup-pam version 0.36.1
libcgroup-devel version 0.36.1
libcgroup-debuginfo version 0.36.1

Description

The issue concerns multiple vulnerabilities in the libcgroup package that can lead to breaches of the confidentiality, integrity, and availability of protected information. They can be exploited locally and allow attackers to bypass intended resource restrictions. The cgre_receive_netlink_msg function in daemon/cgrulesengd.c does not verify that netlink messages originated in the kernel, so local users can exploit this weakness via crafted messages.

Recommendations

For versions prior to 0.37.1, update to version 0.37.1 or later to resolve the issue.
For libcgroup-pam version 0.36.1, update to a version that includes the fix for this vulnerability.
For libcgroup-devel version 0.36.1, update to a version that includes the fix for this vulnerability.
For libcgroup-debuginfo version 0.36.1, update to a version that includes the fix for this vulnerability.
As a temporary workaround, consider restricting access to the cgre_receive_netlink_msg function until a patch is available.
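
The check that the description says is missing (verifying that a netlink message originated in the kernel) is commonly done by inspecting the source address returned by recvfrom(). The following is an added example, not the libcgroup patch or code from this advisory; the names nl_from_kernel and recv_kernel_nlmsg and the sample addresses are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

/* Kernel-originated netlink datagrams have source port id (nl_pid) 0;
 * a datagram sent by a local process carries that socket's non-zero id. */
bool nl_from_kernel(const struct sockaddr_nl *from, socklen_t from_len)
{
    return from_len == sizeof(*from) &&
           from->nl_family == AF_NETLINK &&
           from->nl_pid == 0;
}

/* Hypothetical wrapper (not libcgroup's function). Returns the datagram
 * length if it came from the kernel, 0 if it was dropped because of its
 * origin, -1 on recvfrom() error. */
ssize_t recv_kernel_nlmsg(int sk, void *buf, size_t buf_len)
{
    struct sockaddr_nl from;
    socklen_t from_len = sizeof(from);
    ssize_t n;

    memset(&from, 0, sizeof(from));
    /* recvfrom() rather than recv(): the source address is what is checked. */
    n = recvfrom(sk, buf, buf_len, 0, (struct sockaddr *)&from, &from_len);
    if (n < 0)
        return -1;
    if (!nl_from_kernel(&from, from_len))
        return 0; /* sender is a userspace socket: ignore the message */
    return n;
}

int main(void)
{
    /* Constructed source addresses, as recvfrom() would fill them in. */
    struct sockaddr_nl kernel = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    struct sockaddr_nl local  = { .nl_family = AF_NETLINK, .nl_pid = 4242 };

    printf("kernel sender accepted: %d\n", nl_from_kernel(&kernel, sizeof(kernel)));
    printf("local sender accepted:  %d\n", nl_from_kernel(&local, sizeof(local)));
    return 0;
}
```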

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-02876
BDU:2015-05991
BDU:2015-05992
BDU:2015-05993
BDU:2015-05994
CVE-2011-1022
DSA-2193-1
OPENSUSE-SU-2024:10391-1
RHSA-2011:0320
RHSA-2011_0320

Affected Products

Red Hat
Libcgroup
Libcgroup-Debuginfo
Libcgroup-Devel
Libcgroup-Pam