Test ID:	1.3.6.1.4.1.25623.1.0.69329
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-2193-1)
Summary:	The remote host is missing an update for the Debian 'libcgroup' package(s) announced via the DSA-2193-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'libcgroup' package(s) announced via the DSA-2193-1 advisory. Vulnerability Insight: Several issues have been discovered in libcgroup, a library to control and monitor control groups: CVE-2011-1006 Heap-based buffer overflow by converting list of controllers for given task into an array of strings could lead to privilege escalation by a local attacker. CVE-2011-1022 libcgroup did not properly check the origin of Netlink messages, allowing a local attacker to send crafted Netlink messages which could lead to privilege escalation. The oldstable distribution (lenny) does not contain libcgroup packages. For the stable distribution (squeeze), this problem has been fixed in version 0.36.2-3+squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem will be fixed soon. We recommend that you upgrade your libcgroup packages. Affected Software/OS: 'libcgroup' package(s) on Debian 6. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1006 1025158 http://www.securitytracker.com/id?1025158 43611 http://secunia.com/advisories/43611 43758 http://secunia.com/advisories/43758 43891 http://secunia.com/advisories/43891 44093 http://secunia.com/advisories/44093 46729 http://www.securityfocus.com/bid/46729 ADV-2011-0679 http://www.vupen.com/english/advisories/2011/0679 ADV-2011-0774 http://www.vupen.com/english/advisories/2011/0774 DSA-2193 http://www.debian.org/security/2011/dsa-2193 FEDORA-2011-2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056683.html FEDORA-2011-2638 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/056734.html RHSA-2011:0320 http://www.redhat.com/support/errata/RHSA-2011-0320.html http://libcg.git.sourceforge.net/git/gitweb.cgi?p=libcg/libcg%3Ba=commit%3Bh=5ae8aea1ecd60c439121d3329d8eaabf13d292c1 http://sourceforge.net/projects/libcg/files/libcgroup/v0.37.1/libcgroup-0.37.1.tar.bz2/download https://bugzilla.redhat.com/show_bug.cgi?id=678107 openSUSE-SU-2011:0316 http://lists.opensuse.org/opensuse-updates/2011-04/msg00027.html Common Vulnerability Exposure (CVE) ID: CVE-2011-1022 1025157 http://www.securitytracker.com/id?1025157 46578 http://www.securityfocus.com/bid/46578 [libcg-devel] 20101115 Fwd: libcgroup netlink http://sourceforge.net/mailarchive/message.php?msg_id=26598749 [libcg-devel] 20110218 [PATCH 2/2] cgrulesengd: Ignore netlink messages that don't come from the kernel. http://sourceforge.net/mailarchive/message.php?msg_id=27102603 [oss-security] 20110224 CVE request: libcgroup: Failure to verify netlink messages http://openwall.com/lists/oss-security/2011/02/25/6 [oss-security] 20110225 Re: CVE request: libcgroup: Failure to verify netlink messages http://openwall.com/lists/oss-security/2011/02/25/11 http://openwall.com/lists/oss-security/2011/02/25/12 http://openwall.com/lists/oss-security/2011/02/25/14 http://openwall.com/lists/oss-security/2011/02/25/9 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615987 https://bugzilla.redhat.com/show_bug.cgi?id=680409
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.