SB2018052212 - Multiple vulnerabilities in procps
Published: May 22, 2018 Updated: May 23, 2018
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Race condition (CVE-ID: CVE-2018-1121)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a race condition inherent in reading /proc/PID entries. A remote attacker can hide a process from procps-ng's utilities and cause the service to crash.
2) Privilege escalation (CVE-ID: CVE-2018-1122)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists because top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
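The pattern behind item 2 is a configuration lookup that falls back to the current working directory. The following is an added illustration (not procps code) contrasting that weak lookup with a hardened one that refuses to guess and checks file ownership before trusting the file; the rc file name ".toprc" and the function names are assumptions for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (the behaviour described for top's config_file()): when HOME
 * is unset or empty, fall back to the current working directory. Whoever
 * controls the directory the program is started from now controls its
 * configuration. Returns 0 on success, -1 if the buffer is too small. */
int resolve_rc_weak(const char *home, char *out, size_t outlen)
{
    const char *dir = (home && *home) ? home : ".";   /* ".": the bug */
    return snprintf(out, outlen, "%s/.toprc", dir) < (int)outlen ? 0 : -1;
}

/* Hardened pattern: require HOME to be set, non-empty and absolute.
 * On failure the caller should run with built-in defaults instead of
 * reading a file from an unknown directory. */
int resolve_rc_hardened(const char *home, char *out, size_t outlen)
{
    if (!home || home[0] != '/')
        return -1;
    if (snprintf(out, outlen, "%s/.toprc", home) >= (int)outlen)
        return -1;
    return 0;
}

/* Before parsing, confirm the file is a regular file owned by the effective
 * user and not writable by group or others. Returns 1 if trusted, else 0. */
int config_is_trusted(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0)             /* missing or unreadable */
        return 0;
    if (!S_ISREG(st.st_mode))              /* no symlinks, fifos, devices */
        return 0;
    if (st.st_uid != geteuid())            /* must belong to the running user */
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))  /* group/world writable: reject */
        return 0;
    return 1;
}
```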
3) Buffer overflow (CVE-ID: CVE-2018-1123)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists because ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). A remote attacker can trick the victim into opening specially crafted input, overflow the output buffer of ps and cause the service to crash.
4) Integer overflow (CVE-ID: CVE-2018-1124)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to an integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.
5) Improper input validation (CVE-ID: CVE-2018-1120)
The vulnerability allows a local user to cause a DoS condition on the target system. The weakness exists due to insufficient validation of user-supplied input. A local user can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE (Filesystem in Userspace) file onto this process's command-line arguments, blocking pgrep, pidof, pkill, ps, and w either forever (a denial of service) or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
6) Stack-based buffer overflow (CVE-ID: CVE-2018-1125)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
7) Buffer overflow (CVE-ID: CVE-2018-1126)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Remediation
Install update from vendor's website.