procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-829,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 12.04 |
| procps-ng_project | procps-ng | * |
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 12.04 |
| procps-ng_project | procps-ng | * |
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,CWE-190,CWE-190,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| redhat | enterprise_linux_server | 6.0 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux | 7.5 |
| opensuse | leap | 15.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| schneider-electric | struxureware_data_center_expert | * |
| redhat | enterprise_linux_workstation | 6.0 |
| procps-ng_project | procps-ng | * |
| opensuse | leap | 15.1 |
| redhat | enterprise_linux | 6.0 |
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-121,CWE-787,CWE-121,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 9.0 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 12.04 |
| procps-ng_project | procps-ng | * |
| opensuse | leap | 15.1 |
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-190,CWE-190,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server | 7.5 |
| canonical | ubuntu_linux | 16.04 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| redhat | enterprise_linux | 7.0 |
| canonical | ubuntu_linux | 17.10 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_tus | 6.6 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| schneider-electric | struxureware_data_center_expert | * |
| procps-ng_project | procps-ng | * |
| redhat | enterprise_linux_server_aus | 6.6 |