EulerOS Virtualization 2.5.1 : procps-ng (EulerOS-SA-2018-1326)

According to the versions of the procps-ng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - If the HOME environment variable is unset or empty, top will read its configuration file from the current working directory...

Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation

Linux Kernel 4.11.8 - mqnotify: double sockput Local Privilege Escalation / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...

CVE-2018-1782

IBM GPFS IBM Spectrum Scale 5.0.1.0 and 5.0.1.1 allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805...

CVE-2018-1782

IBM GPFS IBM Spectrum Scale 5.0.1.0 and 5.0.1.1 allows a local, unprivileged user to cause a kernel panic on a node running GPFS by accessing a file that is stored on a GPFS file system with mmap, or by executing a crafted file stored on a GPFS file system. IBM X-Force ID: 148805...

openSUSE Security Update : the Linux Kernel (openSUSE-2018-762) (Spectre)

The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-13406: An integer overflow in the uvesafbsetcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges...

Security update for the Linux Kernel (important)

The openSUSE Leap 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13406: An integer overflow in the uvesafbsetcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges...

Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit

Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...

Virtuozzo 7 : readykernel-patch (VZA-2018-045)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an...

Linux #Ubuntu Coredump Reading Access Bypass Vulnerability

Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass. Linux/Ubuntu: other users' coredumps can be read via setgid directory and killpriv bypass Note: I am both sending this bug report to email protected and filing it in the...

Linux kernel slab out-of-bounds write vulnerability

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in Linux kernel version 4.17.2 and earlier. The vulnerability can be exploited by an attacker to cause a denial of service slab...

CVE-2018-12714

An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/traceeventsfilter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial ...

Design/Logic Flaw

A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...

CVE-2018-1120

CVE-2018-1120 affects the Linux kernel prior to 4.17. By mmap()ing a FUSE-backed file into a process’s memory that contains command line arguments or environment strings, a local attacker can cause utilities that read /proc//cmdline or /proc//environ (e.g., ps, w) to block indefinitely or for a b...

Ubuntu: Security Advisory (USN-3677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3674-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Buffer overflow

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

DEBIAN-CVE-2018-1123

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...

CVE-2018-1123

The CVE-2018-1123 issue affects procps-ng (ps) where an mmap-based buffer overflow allows a denial of service, with inbuilt guard paging limiting impact to a crash. Affected version: procps-ng before 3.3.15; mitigation is to upgrade to 3.3.15 or newer where the issue is addressed. The vulnerabili...