CVE-2018-1126

🗓️ 23 May 2018 13:00:00Reported by redhatType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 374 Views🌐 WEB

procps-ng before version 3.3.15 incorrect integer size vulnerabilit

Reporter	Title	Published	Views	Family All 149
IBM Security Bulletins	Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in procps	7 Dec 202322:45	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Ubuntu affect IBM API Connect Developer Portal	23 Jun 201802:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in procps affect IBM BladeCenter Advanced Management Module (AMM)	11 Oct 201815:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in procps-ng affect PowerKVM	7 Jul 201800:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Security is affected by procps-ng procps vulnerabilities	25 Jul 201814:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (procps) vulnerability	19 Dec 201820:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps	7 Dec 202322:45	–	ibm
0day.today	Procps-ng - Multiple Vulnerabilities	30 May 201800:00	–	zdt
Tenable Nessus	Amazon Linux 2 : procps-ng (ALAS-2018-1031)	12 Jun 201800:00	–	nessus
Tenable Nessus	CentOS 7 : procps-ng (CESA-2018:1700)	30 May 201800:00	–	nessus

NVD

Vulners

Node

procps-ng_project procps-ngRange<3.3.15

Node

canonical ubuntu_linuxMatch14.04lts

canonical ubuntu_linuxMatch16.04lts

canonical ubuntu_linuxMatch17.10

canonical ubuntu_linuxMatch18.04lts

Node

debian debian_linuxMatch7.0

debian debian_linuxMatch8.0

debian debian_linuxMatch9.0

Node

redhat enterprise_linuxMatch7.0

redhat enterprise_linux_desktopMatch7.0

redhat enterprise_linux_serverMatch7.0

redhat enterprise_linux_serverMatch7.5

redhat enterprise_linux_server_ausMatch6.6

redhat enterprise_linux_server_tusMatch6.6

redhat enterprise_linux_workstationMatch7.0

Node

schneider-electric struxureware_data_center_expertRange<7.6.0

[
  {
    "product": "procps-ng, procps",
    "vendor": "[UNKNOWN]",
    "versions": [
      {
        "status": "affected",
        "version": "procps-ng 3.3.15"
      }
    ]
  }
]

Source	Link
usn	www.usn.ubuntu.com/3658-1/
usn	www.usn.ubuntu.com/3658-2/
debian	www.debian.org/security/2018/dsa-4208
securitytracker	www.securitytracker.com/id/1041057
access	www.access.redhat.com/errata/RHSA-2018:2267
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
seclists	www.seclists.org/oss-sec/2018/q2/122
access	www.access.redhat.com/errata/RHSA-2018:1777
help	www.help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0

Parameter	Position	Path	Description	CWE
PID/cmdline	path	/proc/PID/cmdline	FUSE-backed /proc/PID/cmdline exploit enabling denial of service or synchronization tool via mmap on command-line arguments	CWE-190
cmdline	path	/proc/PID/cmdline	Exploitation in libprocps via file2strvec() integer overflows to corrupt argv/environ for LPE	CWE-190
environ	path	/proc/PID/cmdline	Exploitation in libprocps via file2strvec() integer overflows to corrupt argv/environ for LPE	CWE-190

21 Nov 2024 03:59Current

7.7High risk

Vulners AI Score7.7

CVSS 27.5

CVSS 34.8 - 9.8

EPSS0.0049

SSVC

CWE-190