PT-2011-1038 · Linux+1 · Libcgroup-Debuginfo+4

Published: 2011-03-03 · Updated: 2023-02-13 · CVE-2011-1006

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: libcgroup versions prior to 0.37.1; libcgroup-pam version 0.36.1; libcgroup-devel version 0.36.1; libcgroup-debuginfo version 0.36.1

Description: The libcgroup package contains multiple vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. They are exploitable locally: a local user can gain privileges via a crafted controller list supplied on the command line of an application. Specifically, the parse_cgroup_spec function in tools/tools-common.c is affected by a heap-based buffer overflow.

Recommendations: For libcgroup versions prior to 0.37.1, update to version 0.37.1 or later to resolve the issue. For libcgroup-pam version 0.36.1, consider disabling the parse_cgroup_spec function as a temporary workaround until a patch is available. For libcgroup-devel version 0.36.1, restrict access to the vulnerable tools/tools-common.c module to minimize the risk of exploitation. For libcgroup-debuginfo version 0.36.1, avoid using the affected parse_cgroup_spec function in tools/tools-common.c until the issue is resolved. As a general mitigation, restrict local access to the affected systems to minimize the risk of exploitation.

Weakness Enumeration: Buffer Overflow

Related Identifiers:

BDU:2015-02876
BDU:2015-05991
BDU:2015-05992
BDU:2015-05993
BDU:2015-05994
CVE-2011-1006
DSA-2193-1
OPENSUSE-SU-2024:10391-1
RHSA-2011:0320
RHSA-2011_0320

Affected Products:

Red Hat
Libcgroup
Libcgroup-Debuginfo
Libcgroup-Devel
Libcgroup-Pam