CVE-2018-1122

Debian Bug report logs - #899170 procps: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 Package: src:procps; Maintainer for src:procps is Craig Small <csmall@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 20 May 2018 09:30:01 UTC Severity: important Tags: security ...

Synopsis Moderate: procps-ng security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for procps-ng is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...

Synopsis Moderate: procps-ng security update Type/Severity Security Advisory: Moderate Topic An update for procps-ng is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...

Synopsis Moderate: procps-ng security update Type/Severity Security Advisory: Moderate Topic An update for procps-ng is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP ...

Synopsis Moderate: procps-ng security update Type/Severity Security Advisory: Moderate Topic An update for procps-ng is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...

The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured If top were ...

Several security issues were fixed in procps-ng ...

Several security issues were fixed in procps-ng ...

If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function(CV ...

If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function ...

The top utility from procps-ng <= 3314 reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty In this very unlikely scenario, an attacker can carry out an LPE (Local Privilege Escalation) if an administrator executes top in /tmp (for example), by exploiti ...