ID CVE-2018-1126
Summary procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
References
Vulnerable Configurations
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Canonical Ubuntu Linux 18.04 LTS Edition
    cpe:2.3:o:canonical:ubuntu_linux:18.04:-:-:-:lts
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • Debian Linux 9.0
    cpe:2.3:o:debian:debian_linux:9.0
  • Red Hat Enterprise Linux (RHEL) 7.0 (7)
    cpe:2.3:o:redhat:enterprise_linux:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • cpe:2.3:o:redhat:enterprise_linux_server:7.5
    cpe:2.3:o:redhat:enterprise_linux_server:7.5
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
  • Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 6.6
    cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 7.5
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset or as the size of a memory allocation. The attacker would typically control the value of such a variable and try to get it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
exploit-db via4
description Procps-ng - Multiple Vulnerabilities. CVE-2018-1120,CVE-2018-1121,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124. Local exploit for Linux platform. Tags: Denial o...
file exploits/linux/local/44806.txt
id EDB-ID:44806
last seen 2018-05-30
modified 2018-05-30
platform linux
port
published 2018-05-30
reporter Exploit-DB
source https://www.exploit-db.com/download/44806/
title Procps-ng - Multiple Vulnerabilities
type local
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1274.NASL
    description According to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec.(CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues.(CVE-2018-1126) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117583
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117583
    title EulerOS Virtualization 2.5.1 : procps-ng (EulerOS-SA-2018-1274)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-BBA8FED5AB.NASL
    description Fixes for : - CVE-2018-1124 - CVE-2018-1126 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-03
    plugin id 120743
    published 2019-01-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120743
    title Fedora 28 : procps-ng (2018-bba8fed5ab)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-DE5DE06754.NASL
    description Fixes for : - CVE-2018-1124 - CVE-2018-1126 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 110103
    published 2018-05-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110103
    title Fedora 27 : procps-ng (2018-de5de06754)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2451-2.NASL
    description This update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 119211
    published 2018-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119211
    title SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:2451-2)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0084.NASL
    description An update of 'procps-ng', 'openssl', 'perl' packages of Photon OS has been released.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 112035
    published 2018-08-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112035
    title Photon OS 2.0: Openssl / Procps-ng / Perl PHSA-2018-2.0-0084 (deprecated)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2042-1.NASL
    description This update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111264
    published 2018-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111264
    title SUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1820.NASL
    description An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for RHEL-7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues. Bug Fix(es) : * Previously some SELinux %post scripts were not re-executed because imgbased attempts to re-execute RPM %post scripts which involve SELinux commands inside a namespace, and some commands failed due to SELinux namespacing rules. This update ensures that SELinux contexts inside imgbased update namespaces now update appropriately, and the scripts are re-executed by remounting /sys and /sys/fs/selinux inside the update namespace. (BZ#1571607) * Previously, vmcore files that were created by kdump were not relabelled by kdumpctl after a reboot. As a result, Rsync returned an error when trying to remove the security.selinux attribute while syncing unlabelled files, as this is forbidden by selinux. In this release, restorecon is run on the source directory before syncing it, which enables the files to be synchronized with the correct labels. (BZ#1579141) Enhancement(s) : * Previously, imgbased filtered out stderr from LVM commands to improve parsing reliability. In this release, imgbased now logs stderr from LVM commands in order to provide this information in the imgbased logs, for example during an upgrade failure. (BZ#1574187)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110467
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110467
    title RHEL 7 : Virtualization (RHSA-2018:1820)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1700.NASL
    description From Red Hat Security Advisory 2018:1700 : An update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110070
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110070
    title Oracle Linux 7 : procps-ng (ELSA-2018-1700)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4208.NASL
    description The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. - CVE-2018-1123 Denial of service against the ps invocation of another user. - CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. - CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. - CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109969
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109969
    title Debian DSA-4208-1 : procps - security update
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-2_0-0084_PROCPS.NASL
    description An update of the procps package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121983
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121983
    title Photon OS 2.0: Procps PHSA-2018-2.0-0084
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1198.NASL
    description According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.(CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.(CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep, 'int bytes' could wrap around back to a large positive int (rather than approaching zero), leading to a stack buffer overflow via strncat().(CVE-2018-1125) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110862
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110862
    title EulerOS 2.0 SP2 : procps-ng (EulerOS-SA-2018-1198)
  • NASL family PhotonOS Local Security Checks
    NASL id PHOTONOS_PHSA-2018-1_0-0175_PROCPS.NASL
    description An update of the procps package has been released.
    last seen 2019-02-08
    modified 2019-02-07
    plugin id 121877
    published 2019-02-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121877
    title Photon OS 1.0: Procps PHSA-2018-1.0-0175
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exists in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1777.NASL
    description From Red Hat Security Advisory 2018:1777 : An update for procps is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110276
    published 2018-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110276
    title Oracle Linux 6 : procps (ELSA-2018-1777)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2267.NASL
    description An update for procps is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111365
    published 2018-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111365
    title RHEL 6 : procps (RHSA-2018:2267)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1777.NASL
    description An update for procps is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110296
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110296
    title CentOS 6 : procps (CESA-2018:1777)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1700.NASL
    description An update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110082
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110082
    title RHEL 7 : procps-ng (RHSA-2018:1700)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-685.NASL
    description This update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-09-06
    plugin id 110830
    published 2018-07-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110830
    title openSUSE Security Update : procps (openSUSE-2018-685)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1836-1.NASL
    description This update for procps fixes the following security issues : - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110804
    published 2018-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110804
    title SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2018:1836-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3658-1.NASL
    description It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122) It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123) It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124) It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-1125) It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 110094
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110094
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : procps vulnerabilities (USN-3658-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1390.NASL
    description The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. CVE-2018-1123 Denial of service against the ps invocation of another user. CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues. For Debian 7 'Wheezy', these problems have been fixed in version 1:3.3.3-3+deb7u1. We recommend that you upgrade your procps packages. The Debian LTS team would like to thank Abhijith PA for preparing this update. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110312
    published 2018-06-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110312
    title Debian DLA-1390-1 : procps security update
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-142-03.NASL
    description New procps-ng packages are available for Slackware 14.2 and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-09-04
    plugin id 109950
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109950
    title Slackware 14.2 / current : procps-ng (SSA:2018-142-03)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0450-1.NASL
    description This update for procps fixes the following security issues : CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps mapped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). (These issues were previously released for SUSE Linux Enterprise 12 SP3 and SP4.) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-22
    modified 2019-02-21
    plugin id 122361
    published 2019-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=122361
    title SUSE SLED12 / SLES12 Security Update : procps (SUSE-SU-2019:0450-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1340.NASL
    description According to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function. (CVE-2018-1122) - Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash. (CVE-2018-1123) - If an argument longer than INT_MAX bytes is given to pgrep, 'int bytes' could wrap around back to a large positive int (rather than approaching zero), leading to a stack buffer overflow via strncat(). (CVE-2018-1125) - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 118428
    published 2018-10-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118428
    title EulerOS Virtualization 2.5.0 : procps-ng (EulerOS-SA-2018-1340)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0226.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug (Konrad Rzeszutek Wilk) [bug 18011019] - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves: (CVE-2018-1124) - fix integer overflows leading to heap overflow in file2strvec - Resolves: CVE-2018-1124 (CVE-2018-1126) - ps: STIME no longer 1970 if many cores in /proc/stat - Resolves: rhbz#1460176 - slabtop: additional work on usage computation to work on 32bit archs - Related: rhbz#1330008 - Removal of patch 92 - procps-3.2.8-pgrep-15-chars-warning.patch - Related: rhbz#877352 - Rework of patch 91 from 3.2.8-37, stripping removed permanently, no new option - Resolves: rhbz#1322111 - top: Termination with segfault if /proc becomes inaccessible during run - Resolves: rhbz#928724 - sysctl manpage: Added explanation of conf files precedence - Resolves: rhbz#1217077 - sysctl.conf manpage: new NOTES section with predefined vars hint - Resolves: rhbz#1318644 - slabtop: fixing incorrect usage percent computation - int overflow - Resolves: rhbz#1330008 - New warning if pattern exceeds 15 characters without -f option - Resolves: #877352 - Adding option to skip stripping of wchan name data - Resolves: #1322111 - #1201024 - [RFE] Increase sysctl -p line size limit - #1246573 - typo in ps man page - #1251101 - Fixing human readable patch (removing trailing spaces) - #1284076 - [RFE] Support for thread cgroups - #1288208 - use of /proc/self/auxv breaks ps when running as a different euid - #1288497 - pmap - no sums computed for RSS and Dirty column - Resolves: #1201024 #1246573 #1251101 #1284076 #1288208 #1288497 - #1262870 - Correctly skip vmflags (and other keys starting with A-Z) - Resolves: #1262870 - #1246379 - free: values truncated to the column width - Resolves: #1246379 - #1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d - Related: rhbz#1120580 - 
#1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d - Related: rhbz#1120580 - #993072 - Make the 'free' command a little more human friendly - #1172059 - ps coredump in stat2proc - #1120580 - [RFE] Have sysctl -p read info from /etc/sysctl.d - #1123311 - RFE: 'w' should have '-n' flag to suppress reverse name resolution of IP addresses - #1163404 - [procps] find_elf_note invalid read if setenv has been called before libproc init - Resolves: rhbz#993072 rhbz#1172059 rhbz#1120580 rhbz#1123311 rhbz#1163404 - #977467 - [RFE] Have sysctl -p read info from /etc/sysctl.d - Resolves: rhbz#977467 - Reimplementing (#1060681) due to regressions - Related: rhbz#1060681 - #1105125 - Locale dependent float delay in top and watch utilities - #1039013 - Include an API in RHEL to return the number of opened file descriptors for a process - Resolves: rhbz#1105125 - Related: rhbz#1034337 - #1060681 - ps -p cycles over all PIDs instead of just one - #963799 - Should shared memory be accounted in cached in free output? - Resolves: rhbz#1060681 rhbz#963799 - #1089817 - Return value of pgrep is incorrect - #950748 - /lib64/libproc.so package both in procps and procps-devel - #1011216 - Backport man page fix of top utility - RES = CODE + DATA - #1082877 - top/man: RES - physical memory a task 'has used'->'is using' - #1034337 - Include man pages for openproc, readproc and readproctab - Resolves: rhbz#1089817 rhbz#950748 rhbz#1011216 rhbz#1082877 rhbz#1034337
    last seen 2019-02-21
    modified 2018-09-05
    plugin id 110306
    published 2018-06-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110306
    title OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1700.NASL
    description An update for procps-ng is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110204
    published 2018-05-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110204
    title CentOS 7 : procps-ng (CESA-2018:1700)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180523_PROCPS_NG_ON_SL7_X.NASL
    description Security Fix(es) : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110088
    published 2018-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110088
    title Scientific Linux Security Update : procps-ng on SL7.x x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2268.NASL
    description An update for procps is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111366
    published 2018-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111366
    title RHEL 6 : procps (RHSA-2018:2268)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1199.NASL
    description According to the versions of the procps-ng package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 110863
    published 2018-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110863
    title EulerOS 2.0 SP3 : procps-ng (EulerOS-SA-2018-1199)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180531_PROCPS_ON_SL6_X.NASL
    description Security Fix(es) : - procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) - procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 110282
    published 2018-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110282
    title Scientific Linux Security Update : procps on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1777.NASL
    description An update for procps is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Security Fix(es) : * procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124) * procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Qualys Research Labs for reporting these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 110279
    published 2018-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110279
    title RHEL 6 : procps (RHSA-2018:1777)
  • NASL family Amazon Linux Local Security Checks
    NASL id AL2_ALAS-2018-1031.NASL
    description Multiple integer overflows leading to heap corruption flaws were discovered in file2strvec(). These vulnerabilities can lead to privilege escalation for a local attacker who can create entries in procfs by starting processes, which will lead to crashes or arbitrary code execution in proc utilities run by other users (e.g. pgrep, pkill, pidof, w). (CVE-2018-1124) A flaw was found where procps-ng provides wrappers for standard C allocators that took `unsigned int` instead of `size_t` parameters. On platforms where these differ (such as x86_64), this could cause integer truncation, leading to undersized regions being returned to callers that could then be overflowed. The only known exploitable vector for this issue is CVE-2018-1124. (CVE-2018-1126)
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 110448
    published 2018-06-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=110448
    title Amazon Linux 2 : procps-ng (ALAS-2018-1031)
packetstorm via4
data source https://packetstormsecurity.com/files/download/147806/qualys-procps-ng-audit-report.txt
id PACKETSTORM:147806
last seen 2018-05-24
published 2018-05-22
reporter qualys.com
source https://packetstormsecurity.com/files/147806/Procps-ng-Audit-Report.html
title Procps-ng Audit Report
redhat via4
advisories
  • bugzilla
    id 1575853
    title CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment procps-ng is earlier than 0:3.3.10-17.el7_5.2
          oval oval:com.redhat.rhsa:tst:20181700009
        • comment procps-ng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181700010
      • AND
        • comment procps-ng-devel is earlier than 0:3.3.10-17.el7_5.2
          oval oval:com.redhat.rhsa:tst:20181700007
        • comment procps-ng-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181700008
      • AND
        • comment procps-ng-i18n is earlier than 0:3.3.10-17.el7_5.2
          oval oval:com.redhat.rhsa:tst:20181700005
        • comment procps-ng-i18n is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181700006
    rhsa
    id RHSA-2018:1700
    released 2018-05-23
    severity Important
    title RHSA-2018:1700: procps-ng security update (Important)
  • bugzilla
    id 1575853
    title CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment procps is earlier than 0:3.2.8-45.el6_9.3
          oval oval:com.redhat.rhsa:tst:20181777005
        • comment procps is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181777006
      • AND
        • comment procps-devel is earlier than 0:3.2.8-45.el6_9.3
          oval oval:com.redhat.rhsa:tst:20181777007
        • comment procps-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20181777008
    rhsa
    id RHSA-2018:1777
    released 2018-05-31
    severity Important
    title RHSA-2018:1777: procps security update (Important)
  • rhsa
    id RHSA-2018:1820
  • rhsa
    id RHSA-2018:2267
  • rhsa
    id RHSA-2018:2268
rpms
  • procps-ng-0:3.3.10-17.el7_5.2
  • procps-ng-devel-0:3.3.10-17.el7_5.2
  • procps-ng-i18n-0:3.3.10-17.el7_5.2
  • procps-0:3.2.8-45.el6_9.3
  • procps-devel-0:3.2.8-45.el6_9.3
refmap via4
bid 104214
confirm
debian DSA-4208
misc https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
mlist
  • [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
  • [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
sectrack 1041057
ubuntu
  • USN-3658-1
  • USN-3658-2
Last major update 23-05-2018 - 09:29
Published 23-05-2018 - 09:29
Last modified 29-03-2019 - 10:45