Bug 680409 (CVE-2011-1022)

Summary: CVE-2011-1022 libcgroup: Uncheck origin of NETLINK messages
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: balbir, dhaval.bugzilla, jsafrane, varekova, vkrizan
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-29 14:00:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On: 680412, 680438, 680439    
Bug Blocks:    

Description Jan Lieskovsky 2011-02-25 13:27:36 UTC
It was discovered that libcgroup did not properly check
the origin of Netlink messages. A local attacker could
use this flaw to send crafted Netlink messages to the
cgrulesengd daemon, causing it to put processes into one
or more existing control groups, based on the attacker's
choosing, possibly allowing the particular tasks to run
with more resources (memory, CPU, etc.) than originally
intended.


References:
[1] http://sourceforge.net/mailarchive/message.php?msg_id=27102603

CVE Request:
[2] http://www.openwall.com/lists/oss-security/2011/02/25/6

CVE Assignment:
[3] http://www.openwall.com/lists/oss-security/2011/02/25/9

Comment 1 Jan Lieskovsky 2011-02-25 13:29:28 UTC
This issue affects the version of the libcgroup package, as shipped
with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the libcgroup package, as shipped
with Fedora release of 13 and 14.

Please schedule an update.

Comment 2 Jan Lieskovsky 2011-02-25 13:30:20 UTC
Created libcgroup tracking bugs for this issue

Affects: fedora-all [bug 680412]

Comment 6 errata-xmlrpc 2011-03-03 23:17:21 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0320 https://rhn.redhat.com/errata/RHSA-2011-0320.html