Vulnerabilities > CVE-2018-1122

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
procps-ng-project
canonical
debian
nessus
exploit available

Summary

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

Exploit-Db

descriptionProcps-ng - Multiple Vulnerabilities. CVE-2018-1120,CVE-2018-1121,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124. Local exploit for Linux platform. Tags: Denial o...
fileexploits/linux/local/44806.txt
idEDB-ID:44806
last seen2018-05-30
modified2018-05-30
platformlinux
port
published2018-05-30
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44806/
titleProcps-ng - Multiple Vulnerabilities
typelocal

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-0595.NASL
    descriptionAn update for procps-ng is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-03-18
    modified2020-02-26
    plugin id134067
    published2020-02-26
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134067
    titleRHEL 7 : procps-ng (RHSA-2020:0595)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2020:0595. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(134067);
      script_version("1.2");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/02");
    
      script_cve_id("CVE-2018-1122");
      script_xref(name:"RHSA", value:"2020:0595");
    
      script_name(english:"RHEL 7 : procps-ng (RHSA-2020:0595)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for procps-ng is now available for Red Hat Enterprise Linux
    7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco
    Extended Update Support, and Red Hat Enterprise Linux 7.4 Update
    Services for SAP Solutions.
    
    Red Hat Product Security has rated this update as having a security
    impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link(s) in the References section.
    
    The procps-ng packages contain a set of system utilities that provide
    system information, including ps, free, skill, pkill, pgrep, snice,
    tload, top, uptime, vmstat, w, watch, and pwdx.
    
    Security Fix(es) :
    
    * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2020:0595"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2018-1122"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:procps-ng");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:procps-ng-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:procps-ng-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:procps-ng-i18n");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/26");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^7\.4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.4", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2020:0595";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"i686", reference:"procps-ng-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"procps-ng-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"i686", reference:"procps-ng-debuginfo-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"procps-ng-debuginfo-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"i686", reference:"procps-ng-devel-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"procps-ng-devel-3.3.10-16.el7_4.2")) flag++;
      if (rpm_check(release:"RHEL7", sp:"4", cpu:"x86_64", reference:"procps-ng-i18n-3.3.10-16.el7_4.2")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps-ng / procps-ng-debuginfo / procps-ng-devel / procps-ng-i18n");
      }
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2189.NASL
    descriptionAn update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127694
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127694
    titleRHEL 7 : procps-ng (RHSA-2019:2189)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2730-1.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130145
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130145
    titleSUSE SLED15 / SLES15 Security Update : procps (SUSE-SU-2019:2730-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2379.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes : - library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures - library: Just check for SIGLOST and don
    last seen2020-06-01
    modified2020-06-02
    plugin id130334
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130334
    titleopenSUSE Security Update : procps (openSUSE-2019-2379)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1340.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-06-01
    modified2020-06-02
    plugin id118428
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118428
    titleEulerOS Virtualization 2.5.0 : procps-ng (EulerOS-SA-2018-1340)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_PROCPS_NG_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - procps-ng, procps: Local privilege escalation in top (CVE-2018-1122)
    last seen2020-03-18
    modified2019-08-27
    plugin id128253
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128253
    titleScientific Linux Security Update : procps-ng on SL7.x x86_64 (20190806)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3658-1.NASL
    descriptionIt was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause de denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110094
    published2018-05-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110094
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : procps vulnerabilities (USN-3658-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1265.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1265 advisory. - procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135090
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135090
    titleRHEL 7 : procps-ng (RHSA-2020:1265)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-291.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122607
    published2019-03-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122607
    titleopenSUSE Security Update : procps (openSUSE-2019-291)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1230.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-05-06
    modified2018-08-10
    plugin id111650
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111650
    titleEulerOS 2.0 SP3 : procps-ng (EulerOS-SA-2018-1230)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-685.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-07-02
    plugin id110830
    published2018-07-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110830
    titleopenSUSE Security Update : procps (openSUSE-2018-685)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2042-1.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111264
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111264
    titleSUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201805-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201805-14 (procps: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in procps. Please review the CVE identifiers referenced below for details. Impact : A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id110255
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110255
    titleGLSA-201805-14 : procps: Multiple vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0450-1.NASL
    descriptionThis update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122361
    published2019-02-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122361
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0175_PROCPS.NASL
    descriptionAn update of the procps package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121877
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121877
    titlePhoton OS 1.0: Procps PHSA-2018-1.0-0175
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084.NASL
    descriptionAn update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112035
    published2018-08-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112035
    titlePhoton OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1326.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-06-01
    modified2020-06-02
    plugin id118414
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118414
    titleEulerOS Virtualization 2.5.1 : procps-ng (EulerOS-SA-2018-1326)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1836-1.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110804
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110804
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:1836-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2451-2.NASL
    descriptionThis update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119211
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119211
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:2451-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1198.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-05-06
    modified2018-07-03
    plugin id110862
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110862
    titleEulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4208.NASL
    descriptionThe Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. - CVE-2018-1123 Denial of service against the ps invocation of another user. - CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. - CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. - CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109969
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109969
    titleDebian DSA-4208-1 : procps - security update
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1333.NASL
    descriptionIf the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122)
    last seen2020-06-01
    modified2020-06-02
    plugin id130229
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130229
    titleAmazon Linux 2 : procps-ng (ALAS-2019-1333)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2376.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes : - library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures - library: Just check for SIGLOST and don
    last seen2020-06-01
    modified2020-06-02
    plugin id130333
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130333
    titleopenSUSE Security Update : procps (openSUSE-2019-2376)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1390.NASL
    descriptionThe Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. CVE-2018-1123 Denial of service against the ps invocation of another user. CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues. For Debian 7
    last seen2020-03-17
    modified2018-06-05
    plugin id110312
    published2018-06-05
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110312
    titleDebian DLA-1390-1 : procps security update
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2189.NASL
    descriptionAn update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Local privilege escalation in top (CVE-2018-1122) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128373
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128373
    titleCentOS 7 : procps-ng (CESA-2019:2189)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-142-03.NASL
    descriptionNew procps-ng packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109950
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109950
    titleSlackware 14.2 / current : procps-ng (SSA:2018-142-03)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0184_PROCPS-NG.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has procps-ng packages installed that are affected by a vulnerability: - procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. (CVE-2018-1122) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id129932
    published2019-10-15
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129932
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : procps-ng Vulnerability (NS-SA-2019-0184)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0252_PROCPS-NG.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has procps-ng packages installed that are affected by a vulnerability: - procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. (CVE-2018-1122) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132484
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132484
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : procps-ng Vulnerability (NS-SA-2019-0252)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084_PROCPS.NASL
    descriptionAn update of the procps package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121983
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121983
    titlePhoton OS 2.0: Procps PHSA-2018-2.0-0084

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147806/qualys-procps-ng-audit-report.txt
idPACKETSTORM:147806
last seen2018-05-24
published2018-05-22
reporterqualys.com
sourcehttps://packetstormsecurity.com/files/147806/Procps-ng-Audit-Report.html
titleProcps-ng Audit Report

Redhat

advisories
  • bugzilla
    id1699264
    titleFree output is wrong
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentprocps-ng is earlier than 0:3.3.10-26.el7
            ovaloval:com.redhat.rhsa:tst:20192189001
          • commentprocps-ng is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181700006
        • AND
          • commentprocps-ng-devel is earlier than 0:3.3.10-26.el7
            ovaloval:com.redhat.rhsa:tst:20192189003
          • commentprocps-ng-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181700002
        • AND
          • commentprocps-ng-i18n is earlier than 0:3.3.10-26.el7
            ovaloval:com.redhat.rhsa:tst:20192189005
          • commentprocps-ng-i18n is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20181700004
    rhsa
    idRHSA-2019:2189
    released2019-08-06
    severityModerate
    titleRHSA-2019:2189: procps-ng security and bug fix update (Moderate)
  • rhsa
    idRHSA-2020:0595
rpms
  • procps-ng-0:3.3.10-26.el7
  • procps-ng-debuginfo-0:3.3.10-26.el7
  • procps-ng-devel-0:3.3.10-26.el7
  • procps-ng-i18n-0:3.3.10-26.el7
  • procps-ng-0:3.3.10-16.el7_4.2
  • procps-ng-debuginfo-0:3.3.10-16.el7_4.2
  • procps-ng-devel-0:3.3.10-16.el7_4.2
  • procps-ng-i18n-0:3.3.10-16.el7_4.2
  • procps-ng-0:3.3.10-17.el7_5.4
  • procps-ng-debuginfo-0:3.3.10-17.el7_5.4
  • procps-ng-devel-0:3.3.10-17.el7_5.4
  • procps-ng-i18n-0:3.3.10-17.el7_5.4
  • procps-ng-0:3.3.10-23.el7_6.2
  • procps-ng-debuginfo-0:3.3.10-23.el7_6.2
  • procps-ng-devel-0:3.3.10-23.el7_6.2
  • procps-ng-i18n-0:3.3.10-23.el7_6.2