Test ID: | 1.3.6.1.4.1.25623.1.0.891390 |
Category: | Debian Local Security Checks |
Title: | Debian LTS: Security Advisory for procps (DLA-1390-1) |
Summary: | The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2018-1122
top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation.

CVE-2018-1123
Denial of service against the ps invocation of another user.

CVE-2018-1124
An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation.

CVE-2018-1125
A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process.

CVE-2018-1126
Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues. |
Description: | Affected Software/OS: procps on Debian Linux

Solution: For Debian 7 'Wheezy', these problems have been fixed in version 1:3.3.3-3+deb7u1. We recommend that you upgrade your procps packages. The Debian LTS team would like to thank Abhijith PA for preparing this update.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2018-1122
BugTraq ID: 104214
http://www.securityfocus.com/bid/104214
Debian Security Information: DSA-4208
https://www.debian.org/security/2018/dsa-4208
https://www.exploit-db.com/exploits/44806/
https://security.gentoo.org/glsa/201805-14
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
http://seclists.org/oss-sec/2018/q2/122
RedHat Security Advisories: RHSA-2019:2189
https://access.redhat.com/errata/RHSA-2019:2189
RedHat Security Advisories: RHSA-2020:0595
https://access.redhat.com/errata/RHSA-2020:0595
SuSE Security Announcement: openSUSE-SU-2019:2376
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
SuSE Security Announcement: openSUSE-SU-2019:2379
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
https://usn.ubuntu.com/3658-1/
https://usn.ubuntu.com/3658-3/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1123
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E

Common Vulnerability Exposure (CVE) ID: CVE-2018-1124
RedHat Security Advisories: RHSA-2018:1700
https://access.redhat.com/errata/RHSA-2018:1700
RedHat Security Advisories: RHSA-2018:1777
https://access.redhat.com/errata/RHSA-2018:1777
RedHat Security Advisories: RHSA-2018:1820
https://access.redhat.com/errata/RHSA-2018:1820
RedHat Security Advisories: RHSA-2018:2267
https://access.redhat.com/errata/RHSA-2018:2267
RedHat Security Advisories: RHSA-2018:2268
https://access.redhat.com/errata/RHSA-2018:2268
RedHat Security Advisories: RHSA-2019:1944
https://access.redhat.com/errata/RHSA-2019:1944
RedHat Security Advisories: RHSA-2019:2401
https://access.redhat.com/errata/RHSA-2019:2401
http://www.securitytracker.com/id/1041057
https://usn.ubuntu.com/3658-2/

Common Vulnerability Exposure (CVE) ID: CVE-2018-1125

Common Vulnerability Exposure (CVE) ID: CVE-2018-1126 |
Copyright | Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net |