Debian Bug report logs -
#899170
procps: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126
Package:
src:procps;
Maintainer for src:procps is Craig Small <csmall@debianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Sun, 20 May 2018 09:30:01 UTC
Severity: important
Tags: security ...
Synopsis
Moderate: procps-ng security and bug fix update
Type/Severity
Security Advisory: Moderate
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis
Moderate: procps-ng security update
Type/Severity
Security Advisory: Moderate
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 75 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...
Synopsis
Moderate: procps-ng security update
Type/Severity
Security Advisory: Moderate
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 74 Advanced Update Support, Red Hat Enterprise Linux 74 Telco Extended Update Support, and Red Hat Enterprise Linux 74 Update Services for SAP ...
Synopsis
Moderate: procps-ng security update
Type/Severity
Security Advisory: Moderate
Topic
An update for procps-ng is now available for Red Hat Enterprise Linux 76 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scorin ...
The Qualys Research Labs discovered multiple vulnerabilities in procps,
a set of command line and full screen utilities for browsing procfs The
Common Vulnerabilities and Exposures project identifies the following
problems:
CVE-2018-1122
top read its configuration from the current working directory if no
$HOME was configured If top were ...
Several security issues were fixed in procps-ng ...
Several security issues were fixed in procps-ng ...
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function(CV ...
If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory without any security check If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function ...
The top utility from procps-ng <= 3314 reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty In this very unlikely scenario, an attacker can carry out an LPE (Local Privilege Escalation) if an administrator executes top in /tmp (for example), by exploiti ...