Details of VAR-201805-0613

ID

VAR-201805-0613

CVE

CVE-2018-1124

TITLE

procps-ng Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005228

DESCRIPTION

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users. procps-ng Contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Procps-ng Procps is prone to the following security vulnerabilities: 1. A local security-bypass vulnerability 2. A local privilege-escalation vulnerability 3. A local denial-of-service vulnerability 4. Multiple local integer-overflow vulnerabilities 5. A stack-based buffer-overflow vulnerability Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: procps: Multiple vulnerabilities Date: May 30, 2018 Bugs: #656022 ID: 201805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in procps, the worst of which could result in the execution of arbitrary code. Background ========== A bunch of small useful utilities that give information about processes using the /proc filesystem. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-process/procps < 3.3.15-r1 >= 3.3.15-r1 Description =========== Multiple vulnerabilities have been discovered in procps. Please review the CVE identifiers referenced below for details. Impact ====== A local attacker could execute arbitrary code, escalate privileges, or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All procps users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-process/procps-3.3.15-r1" References ========== [ 1 ] CVE-2018-1120 https://nvd.nist.gov/vuln/detail/CVE-2018-1120 [ 2 ] CVE-2018-1121 https://nvd.nist.gov/vuln/detail/CVE-2018-1121 [ 3 ] CVE-2018-1122 https://nvd.nist.gov/vuln/detail/CVE-2018-1122 [ 4 ] CVE-2018-1123 https://nvd.nist.gov/vuln/detail/CVE-2018-1123 [ 5 ] CVE-2018-1124 https://nvd.nist.gov/vuln/detail/CVE-2018-1124 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201805-14 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

Trust: 2.07

sources: NVD: CVE-2018-1124 // JVNDB: JVNDB-2018-005228 // BID: 104214 // VULMON: CVE-2018-1124 // PACKETSTORM: 147943

AFFECTED PRODUCTS

vendor:	procps ng	model:	procps-ng	scope:	lt	version:	3.3.15	Trust: 1.8
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	6.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	6.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.5	Trust: 1.6
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	6.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7.0	Trust: 1.6
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.6
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	14.04	Trust: 1.0
vendor:	schneider electric	model:	struxureware data center expert	scope:	lt	version:	7.6.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	17.10	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.0	Trust: 1.0
vendor:	canonical	model:	ubuntu	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux desktop	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux server	scope:	-	version:	-	Trust: 0.8
vendor:	red hat	model:	enterprise linux workstation	scope:	-	version:	-	Trust: 0.8
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	6	Trust: 0.3
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	5	Trust: 0.3
vendor:	procps ng	model:	procps	scope:	eq	version:	0	Trust: 0.3

sources: NVD: CVE-2018-1124 // CNNVD: CNNVD-201805-789 // JVNDB: JVNDB-2018-005228 // BID: 104214

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2018-1124
value:	HIGH
Trust: 1.8
CNNVD:	CNNVD-201805-789
value:	HIGH
Trust: 0.6
VULMON:	CVE-2018-1124
value:	MEDIUM
Trust: 0.1

NVD:	CVE-2018-1124
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.9

NVD:	CVE-2018-1124
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2018-1124
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: NVD: CVE-2018-1124 // CNNVD: CNNVD-201805-789 // JVNDB: JVNDB-2018-005228 // VULMON: CVE-2018-1124

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.8
problemtype:	CWE-787	Trust: 1.0

sources: NVD: CVE-2018-1124 // JVNDB: JVNDB-2018-005228

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201805-789

TYPE

input validation error

Trust: 0.9

sources: CNNVD: CNNVD-201805-789 // BID: 104214

CONFIGURATIONS

sources: NVD: CVE-2018-1124

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2018-1124

PATCH

title:	DSA-4208-1	url:	https://www.debian.org/security/2018/dsa-4208	Trust: 0.8
title:	procps	url:	https://gitlab.com/procps-ng/procps	Trust: 0.8
title:	RHSA-2018:1700	url:	https://access.redhat.com/errata/rhsa-2018:1700	Trust: 0.8
title:	RHSA-2018:1777	url:	https://access.redhat.com/errata/rhsa-2018:1777	Trust: 0.8
title:	RHSA-2018:1820	url:	https://access.redhat.com/errata/rhsa-2018:1820	Trust: 0.8
title:	USN-3658-1	url:	https://usn.ubuntu.com/3658-1/	Trust: 0.8
title:	USN-3658-2	url:	https://usn.ubuntu.com/3658-2/	Trust: 0.8
title:	procps-ng Fixes for digital error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83673	Trust: 0.6
title:	Red Hat: Important: procps-ng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20192401 - security advisory	Trust: 0.1
title:	Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181820 - security advisory	Trust: 0.1
title:	Red Hat: Important: procps-ng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181700 - security advisory	Trust: 0.1
title:	Red Hat: Important: procps-ng security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20191944 - security advisory	Trust: 0.1
title:	Red Hat: Important: procps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20182267 - security advisory	Trust: 0.1
title:	Red Hat: Important: procps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20182268 - security advisory	Trust: 0.1
title:	Red Hat: Important: procps security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181777 - security advisory	Trust: 0.1
title:	Ubuntu Security Notice: procps vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3658-2	Trust: 0.1
title:	Red Hat: CVE-2018-1124	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2018-1124	Trust: 0.1
title:	Ubuntu Security Notice: procps vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3658-1	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2018-1124	Trust: 0.1
title:	Debian CVElist Bug Report Logs: procps: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f5176a4090976ca64e2df1278bd3172b	Trust: 0.1
title:	Debian Security Advisories: DSA-4208-1 procps -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=58a59a2b26fe7d48fb944473493eb87a	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2018-1031	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2018-1031	Trust: 0.1
title:	Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=c0bb087d513b6ab7ce4efb0405158613	Trust: 0.1
title:	Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ae57a14ec914f60b7203332a77613077	Trust: 0.1
title:	rhel-centos-ec2-vuls	url:	https://github.com/riboseinc/rhel-centos-ec2-vuls	Trust: 0.1
title:	core-kit	url:	https://github.com/funtoo/core-kit	Trust: 0.1

sources: CNNVD: CNNVD-201805-789 // JVNDB: JVNDB-2018-005228 // VULMON: CVE-2018-1124

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1124	Trust: 2.9
db:	BID	id:	104214	Trust: 2.0
db:	SECTRACK	id:	1041057	Trust: 1.7
db:	EXPLOIT-DB	id:	44806	Trust: 1.7
db:	MCAFEE	id:	SB10241	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-005228	Trust: 0.8
db:	AUSCERT	id:	ESB-2019.2859	Trust: 0.6
db:	AUSCERT	id:	ESB-2018.2456.4	Trust: 0.6
db:	AUSCERT	id:	ESB-2019.2859.2	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4254	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0001	Trust: 0.6
db:	PACKETSTORM	id:	153967	Trust: 0.6
db:	PACKETSTORM	id:	153809	Trust: 0.6
db:	CNNVD	id:	CNNVD-201805-789	Trust: 0.6
db:	VULMON	id:	CVE-2018-1124	Trust: 0.1
db:	PACKETSTORM	id:	147943	Trust: 0.1

sources: NVD: CVE-2018-1124 // CNNVD: CNNVD-201805-789 // JVNDB: JVNDB-2018-005228 // BID: 104214 // VULMON: CVE-2018-1124 // PACKETSTORM: 147943

REFERENCES

url:	https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt	Trust: 2.8
url:	https://access.redhat.com/errata/rhsa-2019:2401	Trust: 2.4
url:	http://www.securityfocus.com/bid/104214	Trust: 2.3
url:	https://access.redhat.com/errata/rhsa-2019:1944	Trust: 2.3
url:	https://www.exploit-db.com/exploits/44806/	Trust: 1.8
url:	https://usn.ubuntu.com/3658-2/	Trust: 1.8
url:	https://security.gentoo.org/glsa/201805-14	Trust: 1.8
url:	https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-1124	Trust: 1.7
url:	http://seclists.org/oss-sec/2018/q2/122	Trust: 1.7
url:	https://www.debian.org/security/2018/dsa-4208	Trust: 1.7
url:	https://usn.ubuntu.com/3658-1/	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:1700	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:1777	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:1820	Trust: 1.7
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10241	Trust: 1.7
url:	http://www.securitytracker.com/id/1041057	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:2268	Trust: 1.7
url:	https://access.redhat.com/errata/rhsa-2018:2267	Trust: 1.7
url:	https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1124	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1124	Trust: 0.8
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1.html	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2018/suse-su-20182451-2/	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2019/suse-su-20190450-1/	Trust: 0.6
url:	https://www.suse.com/support/update/announcement/2018/suse-su-20182451-1/	Trust: 0.6
url:	http://www.ibm.com/support/docview.wss?uid=ibm10874468	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2859/	Trust: 0.6
url:	https://packetstormsecurity.com/files/153967/red-hat-security-advisory-2019-2401-01.html	Trust: 0.6
url:	https://packetstormsecurity.com/files/153809/red-hat-security-advisory-2019-1944-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0001/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2018.2456.4/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2019.2859.2/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4254/	Trust: 0.6
url:	https://gitlab.com/procps-ng/procps	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575465	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575466	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575473	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575474	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575852	Trust: 0.3
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1575853	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1121	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1122	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1123	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1124	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1125	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2018-1126	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://tools.cisco.com/security/center/viewalert.x?alertid=57956	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1122	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1123	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1121	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1120	Trust: 0.1

sources: NVD: CVE-2018-1124 // CNNVD: CNNVD-201805-789 // JVNDB: JVNDB-2018-005228 // BID: 104214 // VULMON: CVE-2018-1124 // PACKETSTORM: 147943

CREDITS

Red Hat

Trust: 0.6

sources: CNNVD: CNNVD-201805-789

SOURCES

db:	NVD	id:	CVE-2018-1124
db:	CNNVD	id:	CNNVD-201805-789
db:	JVNDB	id:	JVNDB-2018-005228
db:	BID	id:	104214
db:	VULMON	id:	CVE-2018-1124
db:	PACKETSTORM	id:	147943

LAST UPDATE DATE

2021-12-18T22:07:19.455000+00:00

SOURCES UPDATE DATE

db:	NVD	id:	CVE-2018-1124	date:	2020-09-09T14:58:00
db:	CNNVD	id:	CNNVD-201805-789	date:	2021-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2018-005228	date:	2018-07-10T00:00:00
db:	BID	id:	104214	date:	2018-05-17T00:00:00
db:	VULMON	id:	CVE-2018-1124	date:	2020-09-09T00:00:00
db:	PACKETSTORM	id:	147943	date:	-

SOURCES RELEASE DATE

db:	NVD	id:	CVE-2018-1124	date:	2018-05-23T13:29:00
db:	CNNVD	id:	CNNVD-201805-789	date:	2018-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-005228	date:	2018-07-10T00:00:00
db:	BID	id:	104214	date:	2018-05-17T00:00:00
db:	VULMON	id:	CVE-2018-1124	date:	2018-05-23T00:00:00
db:	PACKETSTORM	id:	147943	date:	2018-05-30T19:59:39