Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-1124

Опубликовано: 23 мая 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.6
CVSS3: 7.8

Описание

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

РелизСтатусПримечание
artful

released

2:3.3.12-1ubuntu2.1
bionic

released

2:3.3.12-3ubuntu1.1
devel

released

2:3.3.15-2ubuntu1
esm-infra-legacy/trusty

released

1:3.3.9-1ubuntu2.3
esm-infra/bionic

released

2:3.3.12-3ubuntu1.1
esm-infra/xenial

released

2:3.3.10-4ubuntu2.4
precise/esm

not-affected

1:3.2.8-11ubuntu6.5
trusty

released

1:3.3.9-1ubuntu2.3
trusty/esm

released

1:3.3.9-1ubuntu2.3
upstream

released

3.3.15

Показывать по

Ссылки на источники

EPSS

Процентиль: 62%
0.00432
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-1124

CVSS3: 7.3
redhat
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

nvd логотип

CVE-2018-1124

CVSS3: 7.8
nvd
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

debian логотип

CVE-2018-1124

CVSS3: 7.8
debian
больше 7 лет назад

procps-ng before version 3.3.15 is vulnerable to multiple integer over ...

github логотип

GHSA-6m7w-m36x-76pq

CVSS3: 7.8
github
больше 3 лет назад

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

fstec логотип

BDU:2019-00182

CVSS3: 7.8
fstec
больше 7 лет назад

Уязвимость функции file2strvec набора консольных приложений для мониторинга и завершения системных процессов Props-ng, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 62%
0.00432
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3