English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.852329
Kategorie:SuSE Local Security Checks
Titel:openSUSE: Security Advisory for procps (openSUSE-SU-2019:0291-1)
Zusammenfassung:The remote host is missing an update for the 'procps'; package(s) announced via the openSUSE-SU-2019:0291-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'procps'
package(s) announced via the openSUSE-SU-2019:0291-1 advisory.

Vulnerability Insight:
This update for procps fixes the following security issues:

- CVE-2018-1122: Prevent local privilege escalation in top. If a user ran
top with HOME unset in an attacker-controlled directory, the attacker
could have achieved privilege escalation by exploiting one of several
vulnerabilities in the config_file() function (bsc#1092100).

- CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow.
Inbuilt protection in ps mapped a guard page at the end of the overflowed
buffer, ensuring that the impact of this flaw is limited to a crash
(temporary denial of service) (bsc#1092100).

- CVE-2018-1124: Prevent multiple integer overflows leading to a heap
corruption in file2strvec function. This allowed a privilege escalation
for a local attacker who can create entries in procfs by starting
processes, which could result in crashes or arbitrary code execution in
proc utilities run by
other users (bsc#1092100).

- CVE-2018-1125: Prevent stack buffer overflow in pgrep. This
vulnerability was mitigated by FORTIFY limiting the impact to a crash
(bsc#1092100).

- CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent
truncation/integer overflow issues (bsc#1092100).

(These issues were previously released for SUSE Linux Enterprise 12 SP3
and SP4.)

Also the following non-security issue was fixed:

- Fix CPU summary showing old data. (bsc#1121753)

This update was imported from the SUSE:SLE-12:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-291=1

Affected Software/OS:
procps on openSUSE Leap 42.3.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-1122
BugTraq ID: 104214
http://www.securityfocus.com/bid/104214
Debian Security Information: DSA-4208 (Google Search)
https://www.debian.org/security/2018/dsa-4208
https://www.exploit-db.com/exploits/44806/
https://security.gentoo.org/glsa/201805-14
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
http://seclists.org/oss-sec/2018/q2/122
RedHat Security Advisories: RHSA-2019:2189
https://access.redhat.com/errata/RHSA-2019:2189
RedHat Security Advisories: RHSA-2020:0595
https://access.redhat.com/errata/RHSA-2020:0595
SuSE Security Announcement: openSUSE-SU-2019:2376 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
SuSE Security Announcement: openSUSE-SU-2019:2379 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
https://usn.ubuntu.com/3658-1/
https://usn.ubuntu.com/3658-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1123
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
Common Vulnerability Exposure (CVE) ID: CVE-2018-1124
RedHat Security Advisories: RHSA-2018:1700
https://access.redhat.com/errata/RHSA-2018:1700
RedHat Security Advisories: RHSA-2018:1777
https://access.redhat.com/errata/RHSA-2018:1777
RedHat Security Advisories: RHSA-2018:1820
https://access.redhat.com/errata/RHSA-2018:1820
RedHat Security Advisories: RHSA-2018:2267
https://access.redhat.com/errata/RHSA-2018:2267
RedHat Security Advisories: RHSA-2018:2268
https://access.redhat.com/errata/RHSA-2018:2268
RedHat Security Advisories: RHSA-2019:1944
https://access.redhat.com/errata/RHSA-2019:1944
RedHat Security Advisories: RHSA-2019:2401
https://access.redhat.com/errata/RHSA-2019:2401
http://www.securitytracker.com/id/1041057
https://usn.ubuntu.com/3658-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-1125
Common Vulnerability Exposure (CVE) ID: CVE-2018-1126
CopyrightCopyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.