ID

VAR-201805-0872


CVE

CVE-2018-1126


TITLE

procps-ng Integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-005229

DESCRIPTION

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124. procps-ng contains an integer overflow vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Procps-ng Procps is prone to the following security vulnerabilities:
1. A local security-bypass vulnerability
2. A local privilege-escalation vulnerability
3. A local denial-of-service vulnerability
4. Multiple local integer-overflow vulnerabilities
5. A stack-based buffer-overflow vulnerability
Attackers can exploit these issues to execute arbitrary code in the context of the user running the affected application or perform unauthorized actions. Failed exploit attempts will likely cause a denial-of-service condition.

Trust: 1.98

sources: NVD: CVE-2018-1126 // JVNDB: JVNDB-2018-005229 // BID: 104214 // VULMON: CVE-2018-1126

AFFECTED PRODUCTS

vendor: procps ng | model: procps-ng | scope: lt | version: 3.3.15

Trust: 1.8

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.6

vendor: canonical | model: ubuntu linux | scope: eq | version: 14.04

Trust: 1.6

vendor: redhat | model: enterprise linux workstation | scope: eq | version: 7.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 18.04

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 7.0

Trust: 1.0

vendor: redhat | model: enterprise linux desktop | scope: eq | version: 7.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 8.0

Trust: 1.0

vendor: redhat | model: enterprise linux server aus | scope: eq | version: 6.6

Trust: 1.0

vendor: redhat | model: enterprise linux server | scope: eq | version: 7.5

Trust: 1.0

vendor: redhat | model: enterprise linux server tus | scope: eq | version: 6.6

Trust: 1.0

vendor: redhat | model: enterprise linux | scope: eq | version: 7.0

Trust: 1.0

vendor: schneider electric | model: struxureware data center expert | scope: lt | version: 7.6.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: redhat | model: enterprise linux server | scope: eq | version: 7.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 17.10

Trust: 1.0

vendor: canonical | model: ubuntu | scope: - | version: -

Trust: 0.8

vendor: debian | model: gnu/linux | scope: - | version: -

Trust: 0.8

vendor: red hat | model: enterprise linux | scope: - | version: -

Trust: 0.8

vendor: red hat | model: enterprise linux desktop | scope: - | version: -

Trust: 0.8

vendor: red hat | model: enterprise linux server | scope: - | version: -

Trust: 0.8

vendor: red hat | model: enterprise linux workstation | scope: - | version: -

Trust: 0.8

vendor: redhat | model: enterprise linux | scope: eq | version: 7

Trust: 0.3

vendor: redhat | model: enterprise linux | scope: eq | version: 6

Trust: 0.3

vendor: redhat | model: enterprise linux | scope: eq | version: 5

Trust: 0.3

vendor: procps ng | model: procps | scope: eq | version: 0

Trust: 0.3

sources: NVD: CVE-2018-1126 // CNNVD: CNNVD-201805-788 // JVNDB: JVNDB-2018-005229 // BID: 104214

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2018-1126
value: CRITICAL

Trust: 1.8

CNNVD: CNNVD-201805-788
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-1126
value: HIGH

Trust: 0.1

NVD: CVE-2018-1126
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.9

NVD: CVE-2018-1126
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: NVD: CVE-2018-1126 // CNNVD: CNNVD-201805-788 // JVNDB: JVNDB-2018-005229 // VULMON: CVE-2018-1126

PROBLEMTYPE DATA

problemtype:CWE-190

Trust: 1.8

sources: NVD: CVE-2018-1126 // JVNDB: JVNDB-2018-005229

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-788

TYPE

input validation error

Trust: 0.9

sources: CNNVD: CNNVD-201805-788 // BID: 104214

CONFIGURATIONS

sources: NVD: CVE-2018-1126

PATCH

title: DSA-4208-1 | url: https://www.debian.org/security/2018/dsa-4208

Trust: 0.8

title: procps | url: https://gitlab.com/procps-ng/procps

Trust: 0.8

title: RHSA-2018:1700 | url: https://access.redhat.com/errata/rhsa-2018:1700

Trust: 0.8

title: RHSA-2018:1777 | url: https://access.redhat.com/errata/rhsa-2018:1777

Trust: 0.8

title: RHSA-2018:1820 | url: https://access.redhat.com/errata/rhsa-2018:1820

Trust: 0.8

title: USN-3658-1 | url: https://usn.ubuntu.com/3658-1/

Trust: 0.8

title: USN-3658-2 | url: https://usn.ubuntu.com/3658-2/

Trust: 0.8

title: procps-ng Security vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83672

Trust: 0.6

title: Red Hat: Important: Red Hat Virtualization security, bug fix, and enhancement update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181820 - security advisory

Trust: 0.1

title: Red Hat: Important: procps-ng security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181700 - security advisory

Trust: 0.1

title: Red Hat: Important: procps-ng security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20191944 - security advisory

Trust: 0.1

title: Red Hat: Important: procps security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20182267 - security advisory

Trust: 0.1

title: Red Hat: Important: procps security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20182268 - security advisory

Trust: 0.1

title: Red Hat: Important: procps security update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=rhsa-20181777 - security advisory

Trust: 0.1

title: Ubuntu Security Notice: procps vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3658-2

Trust: 0.1

title: Red Hat: CVE-2018-1126 | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2018-1126

Trust: 0.1

title: Arch Linux Issues: | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2018-1126

Trust: 0.1

title: Debian CVElist Bug Report Logs: procps: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 | url: https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=f5176a4090976ca64e2df1278bd3172b

Trust: 0.1

title: Ubuntu Security Notice: procps vulnerabilities | url: https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=usn-3658-1

Trust: 0.1

title: Debian Security Advisories: DSA-4208-1 procps -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=58a59a2b26fe7d48fb944473493eb87a

Trust: 0.1

title: Amazon Linux 2: ALAS2-2018-1031 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=alas2-2018-1031

Trust: 0.1

title: Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - April 2018 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins&qid=c0bb087d513b6ab7ce4efb0405158613

Trust: 0.1

title: Oracle Linux Bulletins: Oracle Linux Bulletin - April 2018 | url: https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins&qid=ae57a14ec914f60b7203332a77613077

Trust: 0.1

title: rhel-centos-ec2-vuls | url: https://github.com/riboseinc/rhel-centos-ec2-vuls

Trust: 0.1

title: core-kit | url: https://github.com/funtoo/core-kit

Trust: 0.1

sources: CNNVD: CNNVD-201805-788 // JVNDB: JVNDB-2018-005229 // VULMON: CVE-2018-1126

EXTERNAL IDS

db: NVD | id: CVE-2018-1126

Trust: 2.8

db: BID | id: 104214

Trust: 2.0

db: SECTRACK | id: 1041057

Trust: 1.7

db: JVNDB | id: JVNDB-2018-005229

Trust: 0.8

db: AUSCERT | id: ESB-2018.2456.4

Trust: 0.6

db: AUSCERT | id: ESB-2019.2859.2

Trust: 0.6

db: AUSCERT | id: ESB-2019.2859

Trust: 0.6

db: AUSCERT | id: ESB-2020.4254

Trust: 0.6

db: AUSCERT | id: ESB-2021.0001

Trust: 0.6

db: PACKETSTORM | id: 153809

Trust: 0.6

db: CNNVD | id: CNNVD-201805-788

Trust: 0.6

db: VULMON | id: CVE-2018-1126

Trust: 0.1

sources: NVD: CVE-2018-1126 // CNNVD: CNNVD-201805-788 // JVNDB: JVNDB-2018-005229 // BID: 104214 // VULMON: CVE-2018-1126

REFERENCES

url:https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

Trust: 2.8

url:http://www.securityfocus.com/bid/104214

Trust: 2.3

url:https://access.redhat.com/errata/rhsa-2019:1944

Trust: 2.3

url:https://usn.ubuntu.com/3658-2/

Trust: 1.8

url:https://access.redhat.com/errata/rhsa-2018:1820

Trust: 1.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=cve-2018-1126

Trust: 1.7

url:http://seclists.org/oss-sec/2018/q2/122

Trust: 1.7

url:https://www.debian.org/security/2018/dsa-4208

Trust: 1.7

url:https://usn.ubuntu.com/3658-1/

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:1700

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:1777

Trust: 1.7

url:http://www.securitytracker.com/id/1041057

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2268

Trust: 1.7

url:https://access.redhat.com/errata/rhsa-2018:2267

Trust: 1.7

url:https://help.ecostruxureit.com/display/public/uadce725/security+fixes+in+struxureware+data+center+expert+v7.6.0

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html

Trust: 1.1

url:http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1126

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-1126

Trust: 0.8

url:https://www.suse.com/support/update/announcement/2019/suse-su-20192730-1.html

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2018/suse-su-20182451-2/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2019/suse-su-20190450-1/

Trust: 0.6

url:https://www.suse.com/support/update/announcement/2018/suse-su-20182451-1/

Trust: 0.6

url:https://access.redhat.com/errata/rhsa-2019:2401

Trust: 0.6

url:http://www.ibm.com/support/docview.wss?uid=ibm10874468

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2859/

Trust: 0.6

url:https://packetstormsecurity.com/files/153809/red-hat-security-advisory-2019-1944-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0001/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2018.2456.4/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.2859.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4254/

Trust: 0.6

url:https://gitlab.com/procps-ng/procps

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575465

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575466

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575473

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575474

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575852

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1575853

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1121

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1122

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1123

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1124

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1125

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2018-1126

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/190.html

Trust: 0.1

url:https://tools.cisco.com/security/center/viewalert.x?alertid=57950

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: NVD: CVE-2018-1126 // CNNVD: CNNVD-201805-788 // JVNDB: JVNDB-2018-005229 // BID: 104214 // VULMON: CVE-2018-1126

CREDITS

Red Hat

Trust: 0.6

sources: CNNVD: CNNVD-201805-788

SOURCES

db: NVD | id: CVE-2018-1126
db: CNNVD | id: CNNVD-201805-788
db: JVNDB | id: JVNDB-2018-005229
db: BID | id: 104214
db: VULMON | id: CVE-2018-1126

LAST UPDATE DATE

2021-12-18T12:29:55.049000+00:00


SOURCES UPDATE DATE

db: NVD | id: CVE-2018-1126 | date: 2019-07-30T13:15:00
db: CNNVD | id: CNNVD-201805-788 | date: 2021-01-04T00:00:00
db: JVNDB | id: JVNDB-2018-005229 | date: 2018-07-10T00:00:00
db: BID | id: 104214 | date: 2018-05-17T00:00:00
db: VULMON | id: CVE-2018-1126 | date: 2019-07-30T00:00:00

SOURCES RELEASE DATE

db: NVD | id: CVE-2018-1126 | date: 2018-05-23T13:29:00
db: CNNVD | id: CNNVD-201805-788 | date: 2018-05-24T00:00:00
db: JVNDB | id: JVNDB-2018-005229 | date: 2018-07-10T00:00:00
db: BID | id: 104214 | date: 2018-05-17T00:00:00
db: VULMON | id: CVE-2018-1126 | date: 2018-05-23T00:00:00