PT-2018-3527 · Procps Ng+5 · Procps-Ng+5

Publicado

2018-05-07

·

Atualizado

2024-06-15

·

CVE-2018-1122

CVSS v3.1

7.3

Alta

VetorAV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: procps-ng versions prior to 3.3.15
Description: The issue is related to a local privilege escalation in the top utility of the procps-ng package. It occurs when a user runs top with the HOME environment variable unset in an attacker-controlled directory. The vulnerability is exploited through the config file() function, allowing an attacker to achieve privilege escalation. The vulnerability is related to the inclusion of functions from an untrusted controlled area.
Recommendations: For versions prior to 3.3.15, update to version 3.3.15 or later to resolve the issue. As a temporary workaround, consider setting the HOME environment variable before running the top utility to minimize the risk of exploitation. Restrict access to the config file() function until a patch is available.

Exploit

Correção

LPE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-829

Identificadores relacionados

ALT-PU-2019-1749
BDU:2020-03291
CESA-2019_2189
CVE-2018-1122
DLA-1390-1
DSA-4208-1
OPENSUSE-SU-2018_1848-1
OPENSUSE-SU-2019:2376-1
OPENSUSE-SU-2019:2379-1
OPENSUSE-SU-2019_0291-1
OPENSUSE-SU-2019_2376-1
OPENSUSE-SU-2019_2379-1
OPENSUSE-SU-2024:11195-1
OPENSUSE-SU-2024:12565-1
RHSA-2019:2189
RHSA-2019_2189
RHSA-2020:0595
RHSA-2020:1265
RHSA-2020:1464
SUSE-SU-2018:1836-1
SUSE-SU-2018:2042-1
SUSE-SU-2018:2451-2
SUSE-SU-2018_1836-1
SUSE-SU-2018_2042-1
SUSE-SU-2018_2451-2
SUSE-SU-2019:0450-1
SUSE-SU-2019:0450-2
SUSE-SU-2019:2730-1
SUSE-SU-2019_0450-1
SUSE-SU-2019_0450-2
SUSE-SU-2019_2730-1
USN-3658-1
USN-3658-3

Produtos afetados

Alt Linux
Centos
Red Hat
Suse
Ubuntu
Procps-Ng