Important: libcgroup security update
Date: Fri, 4 Mar 2011 15:33:09 -0600
Reply-To: Troy Dawson
Sender: Security Errata for Scientific Linux
From: Troy Dawson
Subject: Security ERRATA Important: libcgroup on SL6.x i386/x86_64
Synopsis: Important: libcgroup security update
Issue date: 2011-03-03
CVE Names: CVE-2011-1006 CVE-2011-1022
A heap-based buffer overflow flaw was found in the way libcgroup
converted a list of user-provided controllers for a particular task into
an array of strings. A local attacker could use this flaw to escalate
their privileges via a specially-crafted list of controllers.
(CVE-2011-1006)
It was discovered that libcgroup did not properly check the origin of
Netlink messages. A local attacker could use this flaw to send crafted
Netlink messages to the cgrulesengd daemon, causing it to put processes
into one or more existing control groups, based on the attacker's
choosing, possibly allowing the particular tasks to run with more
resources (memory, CPU, etc.) than originally intended. (CVE-2011-1022)
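Both flaws above are illustrated by the following added example, which is constructed for this advisory and is not libcgroup's own code. The first function is a bounded version of the controller-list conversion: the vulnerable shape is the same loop writing into an array sized for fewer entries than a crafted list supplies, without the `n >= max_out` check. The second function is the origin check cgrulesengd lacked: netlink messages from the kernel arrive with a source port id (`nl_pid`) of 0, user-space sockets are always assigned a non-zero id and cannot forge it, so a message with a non-zero sender id must be dropped. `MAX_CONTROLLERS`, the function names and the sample inputs are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>      /* AF_NETLINK, socklen_t */
#include <linux/netlink.h>   /* struct sockaddr_nl */

/* Hypothetical per-task bound, standing in for the array the vulnerable
 * code sized too small (constructed for this example, not libcgroup's limit). */
#define MAX_CONTROLLERS 8

/* Portable strdup replacement so the example builds under strict C99. */
static char *dup_string(const char *s)
{
    size_t len = strlen(s) + 1;
    char *p = malloc(len);
    if (p != NULL)
        memcpy(p, s, len);
    return p;
}

/* Split a comma-separated controller list such as "cpu,memory" into at most
 * max_out heap-allocated strings stored in out[].  Returns the entry count,
 * or -1 if the list does not fit or allocation fails; on -1 nothing is left
 * allocated.  Without the n >= max_out check the loop keeps writing past the
 * end of out[], which is the heap overflow shape of CVE-2011-1006. */
int parse_controller_list(const char *spec, char **out, size_t max_out)
{
    size_t n = 0;
    char *copy = dup_string(spec);      /* strtok modifies its input */
    if (copy == NULL)
        return -1;

    for (char *tok = strtok(copy, ","); tok != NULL; tok = strtok(NULL, ",")) {
        if (n >= max_out || (out[n] = dup_string(tok)) == NULL) {
            while (n > 0)
                free(out[--n]);
            free(copy);
            return -1;
        }
        n++;
    }
    free(copy);
    return (int)n;
}

void free_controller_list(char **list, int n)
{
    for (int i = 0; i < n; i++)
        free(list[i]);
}

/* Accept a netlink message only if the sender address recvfrom() filled in
 * belongs to the kernel (nl_pid == 0).  Trusting every message on the socket
 * is the gap behind CVE-2011-1022: any local process could inject fake
 * process events and have the daemon move tasks between cgroups. */
int netlink_msg_from_kernel(const struct sockaddr_nl *from, socklen_t fromlen)
{
    if (from == NULL || fromlen < sizeof(*from))
        return 0;
    if (from->nl_family != AF_NETLINK)
        return 0;
    return from->nl_pid == 0;
}

int main(void)
{
    /* Constructed inputs: a benign list and one too long for the array. */
    char *list[MAX_CONTROLLERS];
    int n = parse_controller_list("cpu,memory", list, MAX_CONTROLLERS);
    printf("parsed %d controllers\n", n);
    free_controller_list(list, n);

    char *small[2];
    if (parse_controller_list("cpu,memory,cpuset", small, 2) == -1)
        printf("oversized controller list rejected\n");

    /* Constructed sender addresses as recvfrom() would report them. */
    struct sockaddr_nl kern = { .nl_family = AF_NETLINK, .nl_pid = 0 };
    struct sockaddr_nl user = { .nl_family = AF_NETLINK, .nl_pid = 4242 };
    printf("kernel sender accepted: %d, user sender accepted: %d\n",
           netlink_msg_from_kernel(&kern, sizeof kern),
           netlink_msg_from_kernel(&user, sizeof user));
    return 0;
}
```

The origin check only matters where cgrulesengd is actually running; on hosts that use libcgroup solely through the cgroup tools, CVE-2011-1006 is the one that applies, and the update to the package versions listed below covers both.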
SL 6.x
SRPMS:
libcgroup-0.36.1-6.el6_0.1.src.rpm
i386:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
x86_64:
libcgroup-0.36.1-6.el6_0.1.i686.rpm
libcgroup-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-devel-0.36.1-6.el6_0.1.i686.rpm
libcgroup-devel-0.36.1-6.el6_0.1.x86_64.rpm
libcgroup-pam-0.36.1-6.el6_0.1.i686.rpm
libcgroup-pam-0.36.1-6.el6_0.1.x86_64.rpm
-Connie Sieh
-Troy Dawson