exploit the possibilities
Showing 1 - 15 of 15 RSS Feed

CVE-2018-1124

Status Candidate

Overview

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

Related Files

Red Hat Security Advisory 2019-2401-01
Posted Aug 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2401-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124
MD5 | 7c042fd06b67e3c6e2cfec64e0609722
Red Hat Security Advisory 2019-1944-01
Posted Jul 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1944-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 14e1756208115d34e881d2eb64cb7322
JMX RMI - Multiple Applications RCE
Posted Mar 26, 2019
Authored by redtimmysec

This whitepaper discusses highlights of findings related to remote code execution leveraging JMX/RMI.

tags | paper, remote, code execution
advisories | CVE-2018-11247, CVE-2018-8016, CVE-2019-7727
MD5 | 6ff134ecb65e85ce3c03348a2f8cc3e1
Nasdaq BWise 5.0 JMX/RMI Interface Remote Code Execution
Posted Aug 14, 2018
Authored by Anibal Aguiar

Nasdaq BWise version 5.0 suffers from a JMX/RMI interface remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2018-11247
MD5 | c20152c2cc85ca80573c3e531ec54d1e
Red Hat Security Advisory 2018-2267-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2267-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 213a113082982c977612753e2d69b44b
Red Hat Security Advisory 2018-2268-01
Posted Jul 26, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2268-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 5b8ee46d2ae059c9e8a9b28bdd6b679a
Red Hat Security Advisory 2018-1820-01
Posted Jun 11, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1820-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | f3265d3934ea0e480269e827b51970c2
Ubuntu Security Notice USN-3658-2
Posted Jun 6, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-2 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 8c11d4a226d2b323f1f81e8bb5ccbe5a
Red Hat Security Advisory 2018-1777-01
Posted May 31, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1777-01 - The procps packages contain a set of system utilities that provide system information. The procps packages include the following utilities: ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, pwdx, sysctl, pmap, and slabtop. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | 65a109315e03b0c19b3e8846940cf2fd
Gentoo Linux Security Advisory 201805-14
Posted May 30, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201805-14 - Multiple vulnerabilities have been found in procps, the worst of which could result in the execution of arbitrary code. Versions less than 3.3.15-r1 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124
MD5 | 125b82641689b39d696b97a91996bb62
Ubuntu Security Notice USN-3658-1
Posted May 24, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3658-1 - It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. It was discovered that libprocps incorrectly handled the file2strvec function. A local attacker could possibly use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
MD5 | a8255e951f2f6a7ed7c7e65bf541bf6e
Slackware Security Advisory - procps-ng Updates
Posted May 24, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New procps-ng packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
MD5 | 7014cc4ca40cac0018c445bf9bddc152
Red Hat Security Advisory 2018-1700-01
Posted May 23, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1700-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. Issues addressed include a heap overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2018-1124, CVE-2018-1126
MD5 | ab55427ae79c5983e4e50eec9f96bc6e
Procps-ng Audit Report
Posted May 22, 2018
Site qualys.com

Qualys performed an extensive audit of procps-ng. They discovered hundreds of bugs and vulnerabilities.

tags | exploit, vulnerability
advisories | CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
MD5 | f1ccc03a8fc209831a2c1cce59c6e9f9
Debian Security Advisory 4208-1
Posted May 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4208-1 - The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126
MD5 | f85b2103baa8b53441d31885f22b6509
Page 1 of 1
Back1Next

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    11 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close