PT-2018-2216 · Procps Ng+5 · Procps-Ng+5

Published: 2018-05-17 · Updated: 2024-06-15 · CVE-2018-1126

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

procps-ng versions prior to 3.3.15

Description

The issue is related to an integer overflow in the file2strvec function of the procps-ng utility set, which can be exploited by a remote attacker to elevate privileges and execute arbitrary code. The problem arises from an incorrect integer size in proc/alloc, leading to truncation and integer overflow issues.

Recommendations

For versions prior to 3.3.15, update to version 3.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable function until a patch is available.

Exploit

Fix

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2019-1749
BDU:2019-00250
CESA-2018_1700
CESA-2018_1777
CVE-2018-1126
DLA-1390-1
DSA-4208-1
OPENSUSE-SU-2018_1848-1
OPENSUSE-SU-2019:2376-1
OPENSUSE-SU-2019:2379-1
OPENSUSE-SU-2019_0291-1
OPENSUSE-SU-2019_2376-1
OPENSUSE-SU-2019_2379-1
OPENSUSE-SU-2024:11195-1
OPENSUSE-SU-2024:12565-1
RHSA-2018:1700
RHSA-2018:1777
RHSA-2018:1820
RHSA-2018:2267
RHSA-2018:2268
RHSA-2018_1700
RHSA-2018_1777
RHSA-2019:1944
SUSE-SU-2018:1836-1
SUSE-SU-2018:2042-1
SUSE-SU-2018:2451-2
SUSE-SU-2019:0450-1
SUSE-SU-2019:0450-2
SUSE-SU-2019:2730-1
USN-3658-1
USN-3658-2

Affected Products

Alt Linux
CentOS
Red Hat
SUSE
Ubuntu
Procps-Ng