Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-1122

Опубликовано: 23 мая 2018
Источник: nvd
CVSS3: 7.3
CVSS3: 7
CVSS2: 4.4
EPSS Низкий

Описание

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:procps-ng_project:procps-ng:*:*:*:*:*:*:*:*
Версия до 3.3.15 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 54%
0.00317
Низкий

7.3 High

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-829
NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2018-1122

CVSS3: 7.3
ubuntu
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

redhat логотип

CVE-2018-1122

CVSS3: 6.7
redhat
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

debian логотип

CVE-2018-1122

CVSS3: 7.3
debian
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...

github логотип

GHSA-mphr-mvhq-p32f

CVSS3: 7
github
больше 3 лет назад

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

oracle-oval логотип

ELSA-2019-2189

oracle-oval
больше 6 лет назад

ELSA-2019-2189: procps-ng security and bug fix update (MODERATE)

EPSS

Процентиль: 54%
0.00317
Низкий

7.3 High

CVSS3

7 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-829
NVD-CWE-noinfo