Procps-ng Procps Multiple Security Vulnerabilities
BID:104214
CVE-2018-1121 | CVE-2018-1122 | CVE-2018-1123 | CVE-2018-1124 | CVE-2018-1125 | CVE-2018-1126 |Info
Procps-ng Procps Multiple Security Vulnerabilities
| Bugtraq ID: | 104214 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-1121 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 |
| Remote: | Yes |
| Local: | No |
| Published: | May 17 2018 12:00AM |
| Updated: | May 17 2018 12:00AM |
| Credit: | Qualys Research Labs |
| Vulnerable: |
Redhat Enterprise Linux 7 Redhat Enterprise Linux 6 Redhat Enterprise Linux 5 procps-ng procps 0 |
| Not Vulnerable: | |
Discussion
Procps-ng Procps Multiple Security Vulnerabilities
Procps-ng Procps is prone to the following security vulnerabilities:
1. A local security-bypass vulnerability
2. A local privilege-escalation vulnerability
3. A local denial-of-service vulnerability
4. Multiple local integer-overflow vulnerabilities
5. A stack-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition.
Procps-ng Procps is prone to the following security vulnerabilities:
1. A local security-bypass vulnerability
2. A local privilege-escalation vulnerability
3. A local denial-of-service vulnerability
4. Multiple local integer-overflow vulnerabilities
5. A stack-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition.
Exploit / POC
Procps-ng Procps Multiple Security Vulnerabilities
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Procps-ng Procps Multiple Security Vulnerabilities
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Procps-ng Procps Multiple Security Vulnerabilities
References:
References:
- procps Homepage (procps-ng)
- Bug 1575465 CVE-2018-1124 procps-ng, procps: Integer overflows file2strvec (Redhat)
- Bug 1575466 CVE-2018-1122 procps-ng, procps: Local privilege escalation in top (Redhat)
- Bug 1575473 CVE-2018-1121 procps-ng, procps: process hiding through race condit (Redhat)
- Bug 1575474 CVE-2018-1123 procps-ng, procps: DoS (Redhat)
- Bug 1575852 CVE-2018-1125 procps-ng, procps (Redhat)
- Bug 1575853 CVE-2018-1126 procps-ng, procps (Redhat)
- CVE-2018-1121 (Redhat)
- CVE-2018-1122 (Redhat)
- CVE-2018-1123 (Redhat)
- CVE-2018-1124 (Redhat)
- CVE-2018-1125 (Redhat)
- CVE-2018-1126 (Redhat)
- Qualys Security Advisory Procps-ng Audit Report (Qualys)