Vulnerabilities > CVE-2018-1123

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
procps-ng-project
canonical
debian
nessus
exploit available

Summary

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

Exploit-Db

descriptionProcps-ng - Multiple Vulnerabilities. CVE-2018-1120,CVE-2018-1121,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124. Local exploit for Linux platform. Tags: Denial o...
fileexploits/linux/local/44806.txt
idEDB-ID:44806
last seen2018-05-30
modified2018-05-30
platformlinux
port
published2018-05-30
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/44806/
titleProcps-ng - Multiple Vulnerabilities
typelocal

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2730-1.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id130145
    published2019-10-22
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130145
    titleSUSE SLED15 / SLES15 Security Update : procps (SUSE-SU-2019:2730-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:2730-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130145);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
    
      script_name(english:"SUSE SLED15 / SLES15 Security Update : procps (SUSE-SU-2019:2730-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following issues :
    
    procps was updated to 3.3.15. (bsc#1092100)
    
    Following security issues were fixed :
    
    CVE-2018-1122: Prevent local privilege escalation in top. If a user
    ran top with HOME unset in an attacker-controlled directory, the
    attacker could have achieved privilege escalation by exploiting one of
    several vulnerabilities in the config_file() function (bsc#1092100).
    
    CVE-2018-1123: Prevent denial of service in ps via mmap buffer
    overflow. Inbuilt protection in ps maped a guard page at the end of
    the overflowed buffer, ensuring that the impact of this flaw is
    limited to a crash (temporary denial of service) (bsc#1092100).
    
    CVE-2018-1124: Prevent multiple integer overflows leading to a heap
    corruption in file2strvec function. This allowed a privilege
    escalation for a local attacker who can create entries in procfs by
    starting processes, which could result in crashes or arbitrary code
    execution in proc utilities run by other users (bsc#1092100).
    
    CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This
    vulnerability was mitigated by FORTIFY limiting the impact to a crash
    (bsc#1092100).
    
    CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
    truncation/integer overflow issues (bsc#1092100).
    
    Also 
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121753"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1122/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1123/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1124/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1125/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1126/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b6d6148b"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-SP1-2019-2730=1
    
    SUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch
    SUSE-SLE-Module-Basesystem-15-2019-2730=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprocps7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprocps7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/22");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP0/1", os_ver + " SP" + sp);
    if (os_ver == "SLED15" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libprocps7-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"libprocps7-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"procps-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"procps-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"procps-debugsource-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"1", reference:"procps-devel-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libprocps7-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"libprocps7-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"procps-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"procps-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"procps-debugsource-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLES15", sp:"0", reference:"procps-devel-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libprocps7-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"libprocps7-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"procps-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"procps-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"procps-debugsource-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"1", reference:"procps-devel-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libprocps7-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"libprocps7-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"procps-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"procps-debuginfo-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"procps-debugsource-3.3.15-7.7.26")) flag++;
    if (rpm_check(release:"SLED15", sp:"0", reference:"procps-devel-3.3.15-7.7.26")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2379.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes : - library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures - library: Just check for SIGLOST and don
    last seen2020-06-01
    modified2020-06-02
    plugin id130334
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130334
    titleopenSUSE Security Update : procps (openSUSE-2019-2379)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-2379.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130334);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/18");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
    
      script_name(english:"openSUSE Security Update : procps (openSUSE-2019-2379)");
      script_summary(english:"Check for the openSUSE-2019-2379 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following issues :
    
    procps was updated to 3.3.15. (bsc#1092100)
    
    Following security issues were fixed :
    
      - CVE-2018-1122: Prevent local privilege escalation in
        top. If a user ran top with HOME unset in an
        attacker-controlled directory, the attacker could have
        achieved privilege escalation by exploiting one of
        several vulnerabilities in the config_file() function
        (bsc#1092100).
    
      - CVE-2018-1123: Prevent denial of service in ps via mmap
        buffer overflow. Inbuilt protection in ps maped a guard
        page at the end of the overflowed buffer, ensuring that
        the impact of this flaw is limited to a crash (temporary
        denial of service) (bsc#1092100).
    
      - CVE-2018-1124: Prevent multiple integer overflows
        leading to a heap corruption in file2strvec function.
        This allowed a privilege escalation for a local attacker
        who can create entries in procfs by starting processes,
        which could result in crashes or arbitrary code
        execution in proc utilities run by other users
        (bsc#1092100).
    
      - CVE-2018-1125: Prevent stack-based buffer overflow in
        pgrep. This vulnerability was mitigated by FORTIFY
        limiting the impact to a crash (bsc#1092100).
    
      - CVE-2018-1126: Ensure correct integer size in
        proc/alloc.* to prevent truncation/integer overflow
        issues (bsc#1092100).
    
    Also this non-security issue was fixed :
    
      - Fix CPU summary showing old data. (bsc#1121753)
    
    The update to 3.3.15 contains the following fixes :
    
      - library: Increment to 8:0:1 No removals, no new
        functions Changes: slab and pid structures
    
      - library: Just check for SIGLOST and don't delete it
    
      - library: Fix integer overflow and LPE in file2strvec
        CVE-2018-1124
    
      - library: Use size_t for alloc functions CVE-2018-1126
    
      - library: Increase comm size to 64
    
      - pgrep: Fix stack-based buffer overflow CVE-2018-1125
    
      - pgrep: Remove >15 warning as comm can be longer
    
      - ps: Fix buffer overflow in output buffer, causing DOS
        CVE-2018-1123
    
      - ps: Increase command name selection field to 64
    
      - top: Don't use cwd for location of config CVE-2018-1122
    
      - update translations
    
      - library: build on non-glibc systems
    
      - free: fix scaling on 32-bit systems
    
      - Revert 'Support running with child namespaces'
    
      - library: Increment to 7:0:1 No changes, no removals New
        fuctions: numa_init, numa_max_node, numa_node_of_cpu,
        numa_uninit, xalloc_err_handler
    
      - doc: Document I idle state in ps.1 and top.1
    
      - free: fix some of the SI multiples
    
      - kill: -l space between name parses correctly
    
      - library: dont use vm_min_free on non Linux
    
      - library: don't strip off wchan prefixes (ps & top)
    
      - pgrep: warn about 15+ char name only if -f not used
    
      - pgrep/pkill: only match in same namespace by default
    
      - pidof: specify separator between pids
    
      - pkill: Return 0 only if we can kill process
    
      - pmap: fix duplicate output line under '-x' option
    
      - ps: avoid eip/esp address truncations
    
      - ps: recognizes SCHED_DEADLINE as valid CPU scheduler
    
      - ps: display NUMA node under which a thread ran
    
      - ps: Add seconds display for cputime and time
    
      - ps: Add LUID field
    
      - sysctl: Permit empty string for value
    
      - sysctl: Don't segv when file not available
    
      - sysctl: Read and write large buffers
    
      - top: add config file support for XDG specification
    
      - top: eliminated minor libnuma memory leak
    
      - top: show fewer memory decimal places (configurable)
    
      - top: provide command line switch for memory scaling
    
      - top: provide command line switch for CPU States
    
      - top: provides more accurate cpu usage at startup
    
      - top: display NUMA node under which a thread ran
    
      - top: fix argument parsing quirk resulting in SEGV
    
      - top: delay interval accepts non-locale radix point
    
      - top: address a wishlist man page NLS suggestion
    
      - top: fix potential distortion in 'Mem' graph display
    
      - top: provide proper multi-byte string handling
    
      - top: startup defaults are fully customizable
    
      - watch: define HOST_NAME_MAX where not defined
    
      - vmstat: Fix alignment for disk partition format
    
      - watch: Support ANSI 39,49 reset sequences
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121753"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected procps packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps7");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps7-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/10/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libprocps7-3.3.15-lp150.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libprocps7-debuginfo-3.3.15-lp150.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"procps-3.3.15-lp150.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"procps-debuginfo-3.3.15-lp150.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"procps-debugsource-3.3.15-lp150.5.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"procps-devel-3.3.15-lp150.5.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libprocps7 / libprocps7-debuginfo / procps / procps-debuginfo / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1340.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-06-01
    modified2020-06-02
    plugin id118428
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118428
    titleEulerOS Virtualization 2.5.0 : procps-ng (EulerOS-SA-2018-1340)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118428);
      script_version("1.5");
      script_cvs_date("Date: 2019/06/28 11:31:59");
    
      script_cve_id(
        "CVE-2018-1122",
        "CVE-2018-1123",
        "CVE-2018-1124",
        "CVE-2018-1125",
        "CVE-2018-1126"
      );
    
      script_name(english:"EulerOS Virtualization 2.5.0 : procps-ng (EulerOS-SA-2018-1340)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the procps-ng package installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - If the HOME environment variable is unset or empty, top
        will read its configuration file from the current
        working directory without any security check. If a user
        runs top with HOME unset in an attacker-controlled
        directory, the attacker could achieve privilege
        escalation by exploiting one of several vulnerabilities
        in the config_file() function.(CVE-2018-1122)
    
      - Due to incorrect accounting when decoding and escaping
        Unicode data in procfs, ps is vulnerable to overflowing
        an mmap()ed region when formatting the process list for
        display. Since ps maps a guard page at the end of the
        buffer, impact is limited to a crash.(CVE-2018-1123)
    
      - If an argument longer than INT_MAX bytes is given to
        pgrep, 'int bytes' could wrap around back to a large
        positive int (rather than approaching zero), leading to
        a stack buffer overflow via strncat().(CVE-2018-1125)
    
      - procps-ng, procps: Integer overflows leading to heap
        overflow in file2strvec (CVE-2018-1124)
    
      - procps-ng, procps: incorrect integer size in
        proc/alloc.* leading to truncation / integer overflow
        issues (CVE-2018-1126)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1340
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5e34c811");
      script_set_attribute(attribute:"solution", value:
    "Update the affected procps-ng packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/10/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/26");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:procps-ng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "2.5.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.0");
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["procps-ng-3.3.10-17.2.h1"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps-ng");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3658-1.NASL
    descriptionIt was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause de denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110094
    published2018-05-24
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110094
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : procps vulnerabilities (USN-3658-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3658-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110094);
      script_version("1.9");
      script_cvs_date("Date: 2019/09/18 12:31:48");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
      script_xref(name:"USN", value:"3658-1");
      script_xref(name:"IAVA", value:"2018-A-0174");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : procps vulnerabilities (USN-3658-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "It was discovered that the procps-ng top utility incorrectly read its
    configuration file from the current working directory. A local
    attacker could possibly use this issue to escalate privileges.
    (CVE-2018-1122)
    
    It was discovered that the procps-ng ps tool incorrectly handled
    memory. A local user could possibly use this issue to cause a denial
    of service. (CVE-2018-1123)
    
    It was discovered that libprocps incorrectly handled the file2strvec()
    function. A local attacker could possibly use this to execute
    arbitrary code. (CVE-2018-1124)
    
    It was discovered that the procps-ng pgrep utility incorrectly handled
    memory. A local attacker could possibly use this issue to cause de
    denial of service. (CVE-2018-1125)
    
    It was discovered that procps-ng incorrectly handled memory. A local
    attacker could use this issue to cause a denial of service, or
    possibly execute arbitrary code. (CVE-2018-1126).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3658-1/"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libprocps3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libprocps4");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libprocps6");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:procps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libprocps3", pkgver:"1:3.3.9-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"14.04", pkgname:"procps", pkgver:"1:3.3.9-1ubuntu2.3")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libprocps4", pkgver:"2:3.3.10-4ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"procps", pkgver:"2:3.3.10-4ubuntu2.4")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libprocps6", pkgver:"2:3.3.12-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"procps", pkgver:"2:3.3.12-1ubuntu2.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libprocps6", pkgver:"2:3.3.12-3ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"procps", pkgver:"2:3.3.12-3ubuntu1.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libprocps3 / libprocps4 / libprocps6 / procps");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-291.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also the following non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122607
    published2019-03-05
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122607
    titleopenSUSE Security Update : procps (openSUSE-2019-291)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-291.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122607);
      script_version("1.2");
      script_cvs_date("Date: 2019/04/02 21:54:17");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
    
      script_name(english:"openSUSE Security Update : procps (openSUSE-2019-291)");
      script_summary(english:"Check for the openSUSE-2019-291 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following security issues :
    
      - CVE-2018-1122: Prevent local privilege escalation in
        top. If a user ran top with HOME unset in an
        attacker-controlled directory, the attacker could have
        achieved privilege escalation by exploiting one of
        several vulnerabilities in the config_file() function
        (bsc#1092100).
    
      - CVE-2018-1123: Prevent denial of service in ps via mmap
        buffer overflow. Inbuilt protection in ps maped a guard
        page at the end of the overflowed buffer, ensuring that
        the impact of this flaw is limited to a crash (temporary
        denial of service) (bsc#1092100).
    
      - CVE-2018-1124: Prevent multiple integer overflows
        leading to a heap corruption in file2strvec function.
        This allowed a privilege escalation for a local attacker
        who can create entries in procfs by starting processes,
        which could result in crashes or arbitrary code
        execution in proc utilities run by other users
        (bsc#1092100).
    
      - CVE-2018-1125: Prevent stack-based buffer overflow in
        pgrep. This vulnerability was mitigated by FORTIFY
        limiting the impact to a crash (bsc#1092100).
    
      - CVE-2018-1126: Ensure correct integer size in
        proc/alloc.* to prevent truncation/integer overflow
        issues (bsc#1092100).
    
    (These issues were previously released for SUSE Linux Enterprise 12
    SP3 and SP4.)
    
    Also the following non-security issue was fixed :
    
      - Fix CPU summary showing old data. (bsc#1121753)
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1121753"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected procps packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libprocps3-3.3.9-23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libprocps3-debuginfo-3.3.9-23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-3.3.9-23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-debuginfo-3.3.9-23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-debugsource-3.3.9-23.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-devel-3.3.9-23.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libprocps3 / libprocps3-debuginfo / procps / procps-debuginfo / etc");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1230.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-05-06
    modified2018-08-10
    plugin id111650
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111650
    titleEulerOS 2.0 SP3 : procps-ng (EulerOS-SA-2018-1230)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111650);
      script_version("1.6");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      script_cve_id(
        "CVE-2018-1122",
        "CVE-2018-1123",
        "CVE-2018-1125"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : procps-ng (EulerOS-SA-2018-1230)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the procps-ng package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - If the HOME environment variable is unset or empty, top
        will read its configuration file from the current
        working directory without any security check. If a user
        runs top with HOME unset in an attacker-controlled
        directory, the attacker could achieve privilege
        escalation by exploiting one of several vulnerabilities
        in the config_file() function.(CVE-2018-1122)
    
      - Due to incorrect accounting when decoding and escaping
        Unicode data in procfs, ps is vulnerable to overflowing
        an mmap()ed region when formatting the process list for
        display. Since ps maps a guard page at the end of the
        buffer, impact is limited to a crash.(CVE-2018-1123)
    
      - If an argument longer than INT_MAX bytes is given to
        pgrep, 'int bytes' could wrap around back to a large
        positive int (rather than approaching zero), leading to
        a stack buffer overflow via strncat().(CVE-2018-1125)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1230
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7fea6e11");
      script_set_attribute(attribute:"solution", value:
    "Update the affected procps-ng packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/10");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:procps-ng");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["procps-ng-3.3.10-17.2.h6"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps-ng");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-685.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-07-02
    plugin id110830
    published2018-07-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110830
    titleopenSUSE Security Update : procps (openSUSE-2018-685)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2018-685.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110830);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
      script_xref(name:"IAVA", value:"2018-A-0174");
    
      script_name(english:"openSUSE Security Update : procps (openSUSE-2018-685)");
      script_summary(english:"Check for the openSUSE-2018-685 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following security issues :
    
      - CVE-2018-1122: Prevent local privilege escalation in
        top. If a user ran top with HOME unset in an
        attacker-controlled directory, the attacker could have
        achieved privilege escalation by exploiting one of
        several vulnerabilities in the config_file() function
        (bsc#1092100).
    
      - CVE-2018-1123: Prevent denial of service in ps via mmap
        buffer overflow. Inbuilt protection in ps maped a guard
        page at the end of the overflowed buffer, ensuring that
        the impact of this flaw is limited to a crash (temporary
        denial of service) (bsc#1092100).
    
      - CVE-2018-1124: Prevent multiple integer overflows
        leading to a heap corruption in file2strvec function.
        This allowed a privilege escalation for a local attacker
        who can create entries in procfs by starting processes,
        which could result in crashes or arbitrary code
        execution in proc utilities run by other users
        (bsc#1092100).
    
      - CVE-2018-1125: Prevent stack-based buffer overflow in
        pgrep. This vulnerability was mitigated by FORTIFY
        limiting the impact to a crash (bsc#1092100).
    
      - CVE-2018-1126: Ensure correct integer size in
        proc/alloc.* to prevent truncation/integer overflow
        issues (bsc#1092100).
    
    This update was imported from the SUSE:SLE-12:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected procps packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libprocps3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:procps-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/06/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/02");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE42.3", reference:"libprocps3-3.3.9-20.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"libprocps3-debuginfo-3.3.9-20.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-3.3.9-20.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-debuginfo-3.3.9-20.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-debugsource-3.3.9-20.1") ) flag++;
    if ( rpm_check(release:"SUSE42.3", reference:"procps-devel-3.3.9-20.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libprocps3 / libprocps3-debuginfo / procps / procps-debuginfo / etc");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2042-1.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id111264
    published2018-07-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111264
    titleSUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2018:2042-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111264);
      script_version("1.6");
      script_cvs_date("Date: 2019/09/10 13:51:48");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
      script_xref(name:"IAVA", value:"2018-A-0174");
    
      script_name(english:"SUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following security issues :
    
      - CVE-2018-1122: Prevent local privilege escalation in
        top. If a user ran top with HOME unset in an
        attacker-controlled directory, the attacker could have
        achieved privilege escalation by exploiting one of
        several vulnerabilities in the config_file() function
        (bsc#1092100).
    
      - CVE-2018-1123: Prevent denial of service in ps via mmap
        buffer overflow. Inbuilt protection in ps maped a guard
        page at the end of the overflowed buffer, ensuring that
        the impact of this flaw is limited to a crash (temporary
        denial of service) (bsc#1092100).
    
      - CVE-2018-1124: Prevent multiple integer overflows
        leading to a heap corruption in file2strvec function.
        This allowed a privilege escalation for a local attacker
        who can create entries in procfs by starting processes,
        which could result in crashes or arbitrary code
        execution in proc utilities run by other users
        (bsc#1092100).
    
      - CVE-2018-1125: Prevent stack-based buffer overflow in
        pgrep. This vulnerability was mitigated by FORTIFY
        limiting the impact to a crash (bsc#1092100).
    
      - CVE-2018-1126: Ensure correct integer size in
        proc/alloc.* to prevent truncation/integer overflow
        issues (bsc#1092100).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1122/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1123/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1124/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1125/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1126/"
      );
      # https://www.suse.com/support/update/announcement/2018/suse-su-20182042-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1f147dde"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 11-SP4:zypper in -t patch
    slessp4-procps-13699=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES11", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES11" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES11", sp:"4", reference:"procps-3.2.7-152.31.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps");
    }
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201805-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201805-14 (procps: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in procps. Please review the CVE identifiers referenced below for details. Impact : A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id110255
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110255
    titleGLSA-201805-14 : procps: Multiple vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 201805-14.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(110255);
      script_version("1.8");
      script_cvs_date("Date: 2019/04/05 23:25:06");
    
      script_cve_id("CVE-2018-1120", "CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124");
      script_xref(name:"GLSA", value:"201805-14");
      script_xref(name:"IAVA", value:"2018-A-0174");
    
      script_name(english:"GLSA-201805-14 : procps: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-201805-14
    (procps: Multiple vulnerabilities)
    
        Multiple vulnerabilities have been discovered in procps. Please review
          the CVE identifiers referenced below for details.
      
    Impact :
    
        A local attacker could execute arbitrary code, escalate privileges, or
          cause a Denial of Service condition.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/201805-14"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All procps users should upgrade to the latest version:
          # emerge --sync
          # emerge --ask --oneshot --verbose '>=sys-process/procps-3.3.15-r1'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:procps");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/31");
      script_set_attribute(attribute:"stig_severity", value:"II");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"sys-process/procps", unaffected:make_list("ge 3.3.15-r1"), vulnerable:make_list("lt 3.3.15-r1"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0450-1.NASL
    descriptionThis update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) Also The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122361
    published2019-02-21
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122361
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:0450-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122361);
      script_version("1.3");
      script_cvs_date("Date: 2019/09/10 13:51:50");
    
      script_cve_id("CVE-2018-1122", "CVE-2018-1123", "CVE-2018-1124", "CVE-2018-1125", "CVE-2018-1126");
    
      script_name(english:"SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for procps fixes the following security issues :
    
    CVE-2018-1122: Prevent local privilege escalation in top. If a user
    ran top with HOME unset in an attacker-controlled directory, the
    attacker could have achieved privilege escalation by exploiting one of
    several vulnerabilities in the config_file() function (bsc#1092100).
    
    CVE-2018-1123: Prevent denial of service in ps via mmap buffer
    overflow. Inbuilt protection in ps maped a guard page at the end of
    the overflowed buffer, ensuring that the impact of this flaw is
    limited to a crash (temporary denial of service) (bsc#1092100).
    
    CVE-2018-1124: Prevent multiple integer overflows leading to a heap
    corruption in file2strvec function. This allowed a privilege
    escalation for a local attacker who can create entries in procfs by
    starting processes, which could result in crashes or arbitrary code
    execution in proc utilities run by other users (bsc#1092100).
    
    CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This
    vulnerability was mitigated by FORTIFY limiting the impact to a crash
    (bsc#1092100).
    
    CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
    truncation/integer overflow issues (bsc#1092100).
    
    (These issues were previously released for SUSE Linux Enterprise 12
    SP3 and SP4.)
    
    Also 
    
    The update package also includes non-security fixes. See advisory for
    details.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1092100"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1121753"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1122/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1123/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1124/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1125/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-1126/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20190450-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b56b9abc"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE OpenStack Cloud 7:zypper in -t patch
    SUSE-OpenStack-Cloud-7-2019-450=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t
    patch SUSE-SLE-SDK-12-SP4-2019-450=1
    
    SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t
    patch SUSE-SLE-SDK-12-SP3-2019-450=1
    
    SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
    SUSE-SLE-SAP-12-SP2-2019-450=1
    
    SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
    SUSE-SLE-SERVER-12-SP4-2019-450=1
    
    SUSE Linux Enterprise Server 12-SP3:zypper in -t patch
    SUSE-SLE-SERVER-12-SP3-2019-450=1
    
    SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-2019-450=1
    
    SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
    SUSE-SLE-SERVER-12-SP2-BCL-2019-450=1
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-450=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2019-450=1
    
    SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP4-2019-450=1
    
    SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch
    SUSE-SLE-DESKTOP-12-SP3-2019-450=1
    
    SUSE Enterprise Storage 4:zypper in -t patch SUSE-Storage-4-2019-450=1
    
    SUSE CaaS Platform ALL :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    SUSE CaaS Platform 3.0 :
    
    To install this update, use the SUSE CaaS Platform Velum dashboard. It
    will inform you if it detects new updates and let you then trigger
    updating of the complete cluster in a controlled way.
    
    OpenStack Cloud Magnum Orchestration 7:zypper in -t patch
    SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2019-450=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprocps3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libprocps3-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:procps-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1|2|3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1/2/3/4", os_ver + " SP" + sp);
    if (os_ver == "SLED12" && (! preg(pattern:"^(3|4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP3/4", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"4", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"3", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", cpu:"x86_64", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLES12", sp:"2", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libprocps3-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"libprocps3-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"procps-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"procps-debuginfo-3.3.9-11.18.1")) flag++;
    if (rpm_check(release:"SLED12", sp:"3", cpu:"x86_64", reference:"procps-debugsource-3.3.9-11.18.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "procps");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0175_PROCPS.NASL
    descriptionAn update of the procps package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121877
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121877
    titlePhoton OS 1.0: Procps PHSA-2018-1.0-0175
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084.NASL
    descriptionAn update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id112035
    published2018-08-21
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=112035
    titlePhoton OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1326.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-06-01
    modified2020-06-02
    plugin id118414
    published2018-10-26
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118414
    titleEulerOS Virtualization 2.5.1 : procps-ng (EulerOS-SA-2018-1326)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1836-1.NASL
    descriptionThis update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id110804
    published2018-06-29
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110804
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:1836-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2451-2.NASL
    descriptionThis update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id119211
    published2018-11-27
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119211
    titleSUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:2451-2)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1198.NASL
    descriptionAccording to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep,
    last seen2020-05-06
    modified2018-07-03
    plugin id110862
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110862
    titleEulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4208.NASL
    descriptionThe Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. - CVE-2018-1123 Denial of service against the ps invocation of another user. - CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. - CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. - CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109969
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109969
    titleDebian DSA-4208-1 : procps - security update
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-2376.NASL
    descriptionThis update for procps fixes the following issues : procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed : - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes : - library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures - library: Just check for SIGLOST and don
    last seen2020-06-01
    modified2020-06-02
    plugin id130333
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130333
    titleopenSUSE Security Update : procps (openSUSE-2019-2376)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1390.NASL
    descriptionThe Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. CVE-2018-1123 Denial of service against the ps invocation of another user. CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues. For Debian 7
    last seen2020-03-17
    modified2018-06-05
    plugin id110312
    published2018-06-05
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110312
    titleDebian DLA-1390-1 : procps security update
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-142-03.NASL
    descriptionNew procps-ng packages are available for Slackware 14.2 and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109950
    published2018-05-23
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109950
    titleSlackware 14.2 / current : procps-ng (SSA:2018-142-03)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0084_PROCPS.NASL
    descriptionAn update of the procps package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121983
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121983
    titlePhoton OS 2.0: Procps PHSA-2018-2.0-0084

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/147806/qualys-procps-ng-audit-report.txt
idPACKETSTORM:147806
last seen2018-05-24
published2018-05-22
reporterqualys.com
sourcehttps://packetstormsecurity.com/files/147806/Procps-ng-Audit-Report.html
titleProcps-ng Audit Report

References