Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:2042-1)
Summary:The remote host is missing an update for the 'procps' package(s) announced via the SUSE-SU-2018:2042-1 advisory.
The remote host is missing an update for the 'procps' package(s) announced via the SUSE-SU-2018:2042-1 advisory.

Vulnerability Insight:
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran
top with HOME unset in an attacker-controlled directory, the attacker
could have achieved privilege escalation by exploiting one of several
vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash
(temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation
for a local attacker who can create entries in procfs by starting
processes, which could result in crashes or arbitrary code execution in
proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This
vulnerability was mitigated by FORTIFY limiting the impact to a crash
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).

Affected Software/OS:
'procps' package(s) on SUSE Linux Enterprise Server 11-SP4

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1122
BugTraq ID: 104214
Debian Security Information: DSA-4208 (Google Search)
RedHat Security Advisories: RHSA-2019:2189
RedHat Security Advisories: RHSA-2020:0595
SuSE Security Announcement: openSUSE-SU-2019:2376 (Google Search)
SuSE Security Announcement: openSUSE-SU-2019:2379 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2018-1123
Common Vulnerability Exposure (CVE) ID: CVE-2018-1124
RedHat Security Advisories: RHSA-2018:1700
RedHat Security Advisories: RHSA-2018:1777
RedHat Security Advisories: RHSA-2018:1820
RedHat Security Advisories: RHSA-2018:2267
RedHat Security Advisories: RHSA-2018:2268
RedHat Security Advisories: RHSA-2019:1944
RedHat Security Advisories: RHSA-2019:2401
Common Vulnerability Exposure (CVE) ID: CVE-2018-1125
Common Vulnerability Exposure (CVE) ID: CVE-2018-1126
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.