CVE

CVE-2018-1120
Date: (C)2018-06-20   (M)2024-03-26


A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 5.3
Exploit Score: 1.6
Impact Score: 3.6

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: NONE
Availability: HIGH

CVSS V2 Severity:
CVSS Score: 3.5
Exploit Score: 6.8
Impact Score: 2.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL

Reference:
BID-104229
EXPLOIT-DB-44806
GLSA-201805-14
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
USN-3752-1
USN-3752-2
USN-3752-3
USN-3910-1
USN-3910-2
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
http://seclists.org/oss-sec/2018/q2/122
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830

CPE    7
cpe:/o:debian:debian_linux:8.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/o:redhat:enterprise_linux_server:7.0
cpe:/o:linux:linux_kernel
...
CWE    1
CWE-119
OVAL    38
oval:org.secpod.oval:def:1700051
oval:org.secpod.oval:def:1600896
oval:org.secpod.oval:def:89003264
oval:org.secpod.oval:def:114545
...

© SecPod Technologies