Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1125

Опубликовано: 23 мая 2018
Источник: debian

Описание

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
procpsfixed2:3.3.15-1package

Примечания

  • https://www.openwall.com/lists/oss-security/2018/05/17/1

  • https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

  • Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch

  • https://gitlab.com/procps-ng/procps/commit/b51ca2a1f8ca779f7632ade6a0a259ed882fa584

Связанные уязвимости

ubuntu логотип

CVE-2018-1125

CVSS3: 7.5
ubuntu
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

redhat логотип

CVE-2018-1125

CVSS3: 4.4
redhat
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

nvd логотип

CVE-2018-1125

CVSS3: 7.5
nvd
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

github логотип

GHSA-jpw5-97m6-c8m2

CVSS3: 7.5
github
больше 3 лет назад

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

fstec логотип

BDU:2018-01505

CVSS3: 7.5
fstec
больше 7 лет назад

Уязвимость функции pgrep набора консольных приложений для мониторинга и завершения системных процессов Props-ng, позволяющая нарушителю вызвать отказ в обслуживании