Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBD0CE68DF3C6CE3CDA36F85810075B12F5202DF0CB913DA29669954A0DDE15EC
HistoryDec 19, 2018 - 8:15 p.m.

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (procps) vulnerability

2018-12-1920:15:02
www.ibm.com
12

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1126 DESCRIPTION: procps-ng procps is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143456&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-1124 DESCRIPTION: procps-ng procps could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the file2strvec function in libprocps. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143454&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.0 - 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.0 - 10.5 |

Customers can upgrade to version 10.6 by downloading from here:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p600_GPU_Nov-2018-V10.6&amp;includeSupersedes=0&amp;source=fc
Or
Customers currently on version 10.5 with patch 10.0p512 installed can upgrade version 10.5 with bundle 10.0p520 from here:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p520_Bundle_Dec-06-2018&amp;includeSupersedes=0&amp;source=fc

Workarounds and Mitigations

None

Related

nessus 45
prion 2
openvas 22
debiancve 2
centos 2
ubuntu 2
redhat 7
ibm 6
fedora 2
redhatcve 2
ubuntucve 2
oraclelinux 2
f5 2
amazon 1
osv 4
cvelist 2
cve 2
rosalinux 1
suse 4
debian 3
slackware 1
veracode 2
cloudfoundry 1
photon 4
exploitpack 1
packetstorm 1
exploitdb 1
gentoo 1
zdt 1
nessus
nessus
Oracle Linux 7 : procps-ng (ELSA-2018-1700)
2018-05-24 00:00:00
Fedora 27 : procps-ng (2018-de5de06754)
2018-05-25 00:00:00
CentOS 7 : procps-ng (CESA-2018:1700)
2018-05-30 00:00:00
prion
prion
Integer overflow
2018-05-23 13:29:00
Integer overflow
2018-05-23 13:29:00
openvas
openvas
CentOS Update for procps-ng CESA-2018:1700 centos7
2018-05-30 00:00:00
Ubuntu: Security Advisory (USN-3658-2)
2022-08-26 00:00:00
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2018-1199)
2020-01-23 00:00:00
debiancve
debiancve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
centos
centos
procps security update
2018-06-01 15:12:08
procps security update
2018-05-29 17:26:08
ubuntu
ubuntu
procps-ng vulnerabilities
2018-06-05 00:00:00
procps-ng vulnerabilities
2018-05-23 00:00:00
redhat
redhat
(RHSA-2018:1777) Important: procps security update
2018-05-31 13:15:29
(RHSA-2018:1700) Important: procps-ng security update
2018-05-23 13:45:48
(RHSA-2018:2267) Important: procps security update
2018-07-26 11:32:54
ibm
ibm
Security Bulletin: Vulnerabilities in procps-ng affect PowerKVM
2018-07-07 00:00:18
Security Bulletin: IBM QRadar Network Security is affected by procps-ng procps vulnerabilities
2018-07-25 14:34:03
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in procps
2023-12-07 22:45:02
fedora
fedora
[SECURITY] Fedora 27 Update: procps-ng-3.3.10-16.fc27
2018-05-24 14:27:09
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
2018-05-22 15:09:03
redhatcve
redhatcve
CVE-2018-1126
2019-10-05 13:49:59
CVE-2018-1124
2018-05-18 05:21:11
ubuntucve
ubuntucve
CVE-2018-1126
2018-05-17 00:00:00
CVE-2018-1124
2018-05-17 00:00:00
oraclelinux
oraclelinux
procps security update
2018-05-31 00:00:00
procps-ng security update
2018-05-23 00:00:00
f5
f5
K83271321 : procps-ng vulnerability CVE-2018-1126
2020-12-28 00:00:00
K16124204 : procps-ng vulnerability CVE-2018-1124
2020-12-28 00:00:00
amazon
amazon
Important: procps-ng
2018-06-07 23:26:00
osv
osv
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
procps - security update
2018-05-31 00:00:00
cvelist
cvelist
CVE-2018-1126
2018-05-23 13:00:00
CVE-2018-1124
2018-05-23 13:00:00
cve
cve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1956
2021-07-02 18:00:03
suse
suse
Security update for procps (important)
2019-10-26 00:00:00
Security update for procps (moderate)
2018-06-29 15:30:55
Security update for procps (important)
2019-03-04 00:00:00
debian
debian
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:46
[SECURITY] [DLA 1390-1] procps security update
2018-05-31 20:24:42
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:25
slackware
slackware
[slackware-security] procps-ng
2018-05-23 06:37:37
veracode
veracode
Integer Overflow
2019-05-16 03:00:36
Arbitrary Code Execution
2019-01-15 09:23:43
cloudfoundry
cloudfoundry
USN-3658-1: procps-ng vulnerabilities | Cloud Foundry
2018-06-05 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0085
2018-08-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0175
2018-08-15 00:00:00
Critical Photon OS Security Update - PHSA-2018-0084
2018-08-15 00:00:00
exploitpack
exploitpack
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
packetstorm
packetstorm
Procps-ng Audit Report
2018-05-22 00:00:00
exploitdb
exploitdb
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
gentoo
gentoo
procps: Multiple vulnerabilities
2018-05-30 00:00:00
zdt
zdt
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for BD0CE68DF3C6CE3CDA36F85810075B12F5202DF0CB913DA29669954A0DDE15EC
nessus45prion2openvas22debiancve2centos2ubuntu2redhat7ibm6fedora2redhatcve2ubuntucve2oraclelinux2f52amazon1osv4cvelist2cve2rosalinux1suse4debian3slackware1veracode2cloudfoundry1photon4exploitpack1packetstorm1exploitdb1gentoo1zdt1