what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 15 of 15 RSS Feed

CVE-2018-1124

Status Candidate

Overview

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

Related Files

Red Hat Security Advisory 2019-2401-01
Posted Aug 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2401-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124
SHA-256 | 47ae16696b0e5b96efbdda51cb748fdbfd8d87e31974ac412038d46d7eda2b73
Red Hat Security Advisory 2019-1944-01
Posted Jul 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1944-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | 58d0f98a7e15b2f4cb39c54cba6d3568b45fbd2aa0dadd553c3e12ff0eb5092d
JMX RMI - Multiple Applications RCE
Posted Mar 26, 2019
Authored by redtimmysec

This whitepaper discusses highlights of findings related to remote code execution leveraging JMX/RMI.

tags | paper, remote, code execution
advisories | CVE-2018-11247, CVE-2018-8016, CVE-2019-7727
SHA-256 | c1c6d49b75e30398fa5a7dacd39a13e739823cc3f93d713506d4b6e32f8da33d
Nasdaq BWise 5.0 JMX/RMI Interface Remote Code Execution
Posted Aug 14, 2018
Authored by Anibal Aguiar

Nasdaq BWise version 5.0 suffers from a JMX/RMI interface remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11247
SHA-256 | bd5c8c9b2bdc9af063a4f07d2fccdc991619335996b3a5f28f30a14b6f598b5e
Red Hat Security Advisory 2018-2267-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2267-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | c0907ab3460d24304dcb7a7f242911a95312066de9cc013fadeb46fad7b1d68b
Red Hat Security Advisory 2018-2268-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2268-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | 5c5dce04b98f5034ccab76187f370aa0ec5490e0a49c819bb83e596dc833f392
Red Hat Security Advisory 2018-1820-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1820-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | f2d957f9b40130aa3fdabbf4336e770d69893b20f1d8e6d68e0566726a5819b1
Ubuntu Security Notice USN-3658-2
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-2 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | c269057a352da20714156cd9fbea554297092d8911d193e0263e8c5899b87ef5
Red Hat Security Advisory 2018-1777-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | 6a5432497654c684dedf725c9d655f9ea79f3a8a1cdb12d1d04ae0bdf435f6ab
Gentoo Linux Security Advisory 201805-14
Posted May 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-14 - Multiple vulnerabilities have been found in procps, the worst of which could result in the execution of arbitrary code. Versions less than 3.3.15-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124
SHA-256 | 15e0a00065c277f09db78800b692b7275807850b07c19e60fa5dc852bc3b3eee
Ubuntu Security Notice USN-3658-1
Posted May 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
SHA-256 | 6c482ce89fc0489037c921eae41b9c5bf25503ef49a7c0170a3d43294c052ca3
Slackware Security Advisory - procps-ng Updates
Posted May 24, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New procps-ng packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
SHA-256 | 86c9f72cfbdf45d053c83e679c76c11f4677fc9efa078a5c93eeef9ed5b8d140
Red Hat Security Advisory 2018-1700-01
Posted May 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1700-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
SHA-256 | d4d5365cfb76f7ce8f2af4cce5618129ba46fda26873caa376506f600d65a496
Procps-ng Audit Report
Posted May 22, 2018
Site qualys.com

Qualys performed an extensive audit of procps-ng. They discovered hundreds of bugs and vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
SHA-256 | 6d895899f31fb860118c7f19ea72747036e5eb147127ca183af8defd7ed85eff
Debian Security Advisory 4208-1
Posted May 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
SHA-256 | e68fd20d426ce3b9af8dba966514831f2fd6dce2e702836ab9c951452f1788a8
Page 1 of 1
Back1Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close