ID CVE-2018-1126
Summary procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
References
Vulnerable Configurations
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:-:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:-:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:rc1:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.13:rc1:*:*:*:*:*:*
  • cpe:2.3:a:procps-ng_project:procps-ng:3.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:procps-ng_project:procps-ng:3.3.14:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:schneider-electric:struxureware_data_center_expert:7.5.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 30-07-2019 - 13:15)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1575853
    title CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment procps-ng is earlier than 0:3.3.10-17.el7_5.2
            oval oval:com.redhat.rhsa:tst:20181700001
          • comment procps-ng is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700002
        • AND
          • comment procps-ng-devel is earlier than 0:3.3.10-17.el7_5.2
            oval oval:com.redhat.rhsa:tst:20181700003
          • comment procps-ng-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700004
        • AND
          • comment procps-ng-i18n is earlier than 0:3.3.10-17.el7_5.2
            oval oval:com.redhat.rhsa:tst:20181700005
          • comment procps-ng-i18n is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181700006
    rhsa
    id RHSA-2018:1700
    released 2018-05-23
    severity Important
    title RHSA-2018:1700: procps-ng security update (Important)
  • bugzilla
    id 1575853
    title CVE-2018-1126 procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment procps is earlier than 0:3.2.8-45.el6_9.3
            oval oval:com.redhat.rhsa:tst:20181777001
          • comment procps is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181777002
        • AND
          • comment procps-devel is earlier than 0:3.2.8-45.el6_9.3
            oval oval:com.redhat.rhsa:tst:20181777003
          • comment procps-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20181777004
    rhsa
    id RHSA-2018:1777
    released 2018-05-31
    severity Important
    title RHSA-2018:1777: procps security update (Important)
  • rhsa
    id RHSA-2018:1820
  • rhsa
    id RHSA-2018:2267
  • rhsa
    id RHSA-2018:2268
  • rhsa
    id RHSA-2019:1944
rpms
  • procps-ng-0:3.3.10-17.el7_5.2
  • procps-ng-debuginfo-0:3.3.10-17.el7_5.2
  • procps-ng-devel-0:3.3.10-17.el7_5.2
  • procps-ng-i18n-0:3.3.10-17.el7_5.2
  • procps-0:3.2.8-45.el6_9.3
  • procps-debuginfo-0:3.2.8-45.el6_9.3
  • procps-devel-0:3.2.8-45.el6_9.3
  • imgbased-0:1.0.17-0.1.el7ev
  • python-imgbased-0:1.0.17-0.1.el7ev
  • redhat-release-virtualization-host-0:4.2-3.1.el7
  • redhat-virtualization-host-image-update-0:4.2-20180531.0.el7_5
  • redhat-virtualization-host-image-update-placeholder-0:4.2-3.1.el7
  • procps-0:3.2.8-35.el6_7.1
  • procps-debuginfo-0:3.2.8-35.el6_7.1
  • procps-devel-0:3.2.8-35.el6_7.1
  • procps-0:3.2.8-30.el6_6.1
  • procps-debuginfo-0:3.2.8-30.el6_6.1
  • procps-devel-0:3.2.8-30.el6_6.1
  • procps-ng-0:3.3.10-16.el7_4.1
  • procps-ng-debuginfo-0:3.3.10-16.el7_4.1
  • procps-ng-devel-0:3.3.10-16.el7_4.1
  • procps-ng-i18n-0:3.3.10-16.el7_4.1
refmap via4
bid 104214
confirm
debian DSA-4208
misc https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
mlist
  • [debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update
  • [oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report
sectrack 1041057
suse
  • openSUSE-SU-2019:2376
  • openSUSE-SU-2019:2379
ubuntu
  • USN-3658-1
  • USN-3658-2
Last major update 30-07-2019 - 13:15
Published 23-05-2018 - 13:29
Last modified 30-07-2019 - 13:15
Back to Top