[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4208-1 procps -- procps

ID: oval:org.secpod.oval:def:53332Date: (C)2019-04-04   (M)2023-12-20
Class: PATCHFamily: unix




The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker this could result in local privilege escalation. CVE-2018-1123 Denial of service against the ps invocation of another user. CVE-2018-1124 An integer overflow in the file2strvec function of libprocps could result in local privilege escalation. CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.

Platform:
Linux Mint 3
Product:
procps
Reference:
DSA-4208-1
CVE-2018-1122
CVE-2018-1123
CVE-2018-1124
CVE-2018-1125
CVE-2018-1126
CVE    5
CVE-2018-1122
CVE-2018-1124
CVE-2018-1123
CVE-2018-1126
...
CPE    2
cpe:/a:procps_project:procps
cpe:/o:linux_mint:linux_mint:3

© SecPod Technologies