Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.2042.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:2042-1)
Summary:The remote host is missing an update for the 'procps' package(s) announced via the SUSE-SU-2018:2042-1 advisory.
Description:Summary:
The remote host is missing an update for the 'procps' package(s) announced via the SUSE-SU-2018:2042-1 advisory.

Vulnerability Insight:
This update for procps fixes the following security issues:
- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran
top with HOME unset in an attacker-controlled directory, the attacker
could have achieved privilege escalation by exploiting one of several
vulnerabilities in the config_file() function (bsc#1092100).
- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps maped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash
(temporary denial of service) (bsc#1092100).
- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation
for a local attacker who can create entries in procfs by starting
processes, which could result in crashes or arbitrary code execution in
proc utilities run by
other users (bsc#1092100).
- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This
vulnerability was mitigated by FORTIFY limiting the impact to a crash
(bsc#1092100).
- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).

Affected Software/OS:
'procps' package(s) on SUSE Linux Enterprise Server 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-1122
BugTraq ID: 104214
http://www.securityfocus.com/bid/104214
Debian Security Information: DSA-4208 (Google Search)
https://www.debian.org/security/2018/dsa-4208
https://www.exploit-db.com/exploits/44806/
https://security.gentoo.org/glsa/201805-14
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
http://seclists.org/oss-sec/2018/q2/122
RedHat Security Advisories: RHSA-2019:2189
https://access.redhat.com/errata/RHSA-2019:2189
RedHat Security Advisories: RHSA-2020:0595
https://access.redhat.com/errata/RHSA-2020:0595
SuSE Security Announcement: openSUSE-SU-2019:2376 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
SuSE Security Announcement: openSUSE-SU-2019:2379 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
https://usn.ubuntu.com/3658-1/
https://usn.ubuntu.com/3658-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1123
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-1124
RedHat Security Advisories: RHSA-2018:1700
https://access.redhat.com/errata/RHSA-2018:1700
RedHat Security Advisories: RHSA-2018:1777
https://access.redhat.com/errata/RHSA-2018:1777
RedHat Security Advisories: RHSA-2018:1820
https://access.redhat.com/errata/RHSA-2018:1820
RedHat Security Advisories: RHSA-2018:2267
https://access.redhat.com/errata/RHSA-2018:2267
RedHat Security Advisories: RHSA-2018:2268
https://access.redhat.com/errata/RHSA-2018:2268
RedHat Security Advisories: RHSA-2019:1944
https://access.redhat.com/errata/RHSA-2019:1944
RedHat Security Advisories: RHSA-2019:2401
https://access.redhat.com/errata/RHSA-2019:2401
http://www.securitytracker.com/id/1041057
https://usn.ubuntu.com/3658-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1125
Common Vulnerability Exposure (CVE) ID: CVE-2018-1126
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.