ID CVE-2018-1122
Summary procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
References
Vulnerable Configurations
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:-:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:-:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.14:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 4.4 (as of 03-10-2019 - 00:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:L/AC:M/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1699264
    title Free output is wrong
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment procps-ng is earlier than 0:3.3.10-26.el7
            oval oval:com.redhat.rhsa:tst:20192189001
          • comment procps-ng is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700002
        • AND
          • comment procps-ng-devel is earlier than 0:3.3.10-26.el7
            oval oval:com.redhat.rhsa:tst:20192189003
          • comment procps-ng-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700004
        • AND
          • comment procps-ng-i18n is earlier than 0:3.3.10-26.el7
            oval oval:com.redhat.rhsa:tst:20192189005
          • comment procps-ng-i18n is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700006
    rhsa
    id RHSA-2019:2189
    released 2019-08-06
    severity Moderate
    title RHSA-2019:2189: procps-ng security and bug fix update (Moderate)
  • rhsa
    id RHSA-2020:0595
rpms
  • procps-ng-0:3.3.10-26.el7
  • procps-ng-debuginfo-0:3.3.10-26.el7
  • procps-ng-devel-0:3.3.10-26.el7
  • procps-ng-i18n-0:3.3.10-26.el7
  • procps-ng-0:3.3.10-16.el7_4.2
  • procps-ng-debuginfo-0:3.3.10-16.el7_4.2
  • procps-ng-devel-0:3.3.10-16.el7_4.2
  • procps-ng-i18n-0:3.3.10-16.el7_4.2
  • procps-ng-0:3.3.10-17.el7_5.4
  • procps-ng-debuginfo-0:3.3.10-17.el7_5.4
  • procps-ng-devel-0:3.3.10-17.el7_5.4
  • procps-ng-i18n-0:3.3.10-17.el7_5.4
  • procps-ng-0:3.3.10-23.el7_6.2
  • procps-ng-debuginfo-0:3.3.10-23.el7_6.2
  • procps-ng-devel-0:3.3.10-23.el7_6.2
  • procps-ng-i18n-0:3.3.10-23.el7_6.2
refmap via4
bid 104214
confirm https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122
debian DSA-4208
exploit-db 44806
gentoo GLSA-201805-14
misc https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
mlist
  • [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
  • [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
suse
  • openSUSE-SU-2019:2376
  • openSUSE-SU-2019:2379
ubuntu
  • USN-3658-1
  • USN-3658-3
Last major update 03-10-2019 - 00:03
Published 23-05-2018 - 14:29
Last modified 03-10-2019 - 00:03
Back to Top