#VU12975 Privilege escalation in procps


Vulnerability identifier: #VU12975

Vulnerability risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1122

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
procps
Client/Desktop applications / Software for system administration

Vendor: procps-ng

Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.

Mitigation
Update to version 3.3.15.

Vulnerable software versions

procps: All versions

External links
http://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in Dell EMC Unity Family
Privilege escalation in procps-ng component in F5 Traffix SDC
Privilege escalation in procps-ng component in F5 BIG-IQ Centralized Management
Privilege escalation in procps-ng component in F5 BIG-IP
Red Hat Enterprise Linux 7 update for procps-ng
Red Hat Enterprise Linux 7 update for procps-ng
Red Hat Enterprise Linux Server 7.4 update for procps-ng
OpenSUSE Linux update for procps
OpenSUSE Linux update for procps