PT-2018-3531 · Linux+5 · Linux Kernel+5

Publicado

2018-05-17

·

Atualizado

2019-10-09

·

CVE-2018-1120

CVSS v2.0

6.3

Média

VetorAV:N/AC:M/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.17
Description: A flaw in the Linux kernel allows an attacker to cause a denial of service or create a synchronization primitive for other attacks by mmap()ing a FUSE-backed file onto a process's memory containing command line arguments or environment strings. This can cause utilities such as ps or w to block indefinitely when making a read() call to the /proc//cmdline or /proc//environ files.
Recommendations: For Linux kernel versions prior to 4.17, consider restricting access to the mmap() function or limiting the use of FUSE-backed files to minimize the risk of exploitation. As a temporary workaround, avoid using utilities that make read() calls to the /proc//cmdline or /proc//environ files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Heap Based Buffer Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-122CWE-119

Identificadores relacionados

ALT-PU-2018-1754
ALT-PU-2018-1755
ALT-PU-2018-1971
ALT-PU-2018-1976
ALT-PU-2019-1433
BDU:2020-03305
CESA-2018_3083
CVE-2018-1120
DLA-1423-1
MGASA-2018-0263
MGASA-2018-0264
MGASA-2018-0265
OPENSUSE-SU-2018_2119-1
OPENSUSE-SU-2019_0140-1
RHSA-2018:2948
RHSA-2018:3083
RHSA-2018:3096
RHSA-2018_3083
RHSA-2018_3096
RHSA-2020:3804
RHSA-2020:3810
SUSE-SU-2018:2092-1
SUSE-SU-2019:0148-1
SUSE-SU-2019:0320-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:1287-1
SUSE-SU-2019_0541-1
USN-3752-1
USN-3752-2
USN-3752-3
USN-3910-1
USN-3910-2

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu