Описание
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 2:3.3.12-1ubuntu2.1 |
| bionic | released | 2:3.3.12-3ubuntu1.1 |
| devel | released | 2:3.3.15-2ubuntu1 |
| esm-infra-legacy/trusty | released | 1:3.3.9-1ubuntu2.3 |
| esm-infra/bionic | released | 2:3.3.12-3ubuntu1.1 |
| esm-infra/xenial | released | 2:3.3.10-4ubuntu2.4 |
| precise/esm | not-affected | 1:3.2.8-11ubuntu6.6 |
| trusty | released | 1:3.3.9-1ubuntu2.3 |
| trusty/esm | released | 1:3.3.9-1ubuntu2.3 |
| upstream | released | 3.3.15 |
Показывать по
4.4 Medium
CVSS2
7.3 High
CVSS3
Связанные уязвимости
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
procps-ng before version 3.3.15 is vulnerable to a local privilege esc ...
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
ELSA-2019-2189: procps-ng security and bug fix update (MODERATE)
4.4 Medium
CVSS2
7.3 High
CVSS3