388 matches found
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the...
Procps-ng Audit Report
Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...
DSA-4208-1 procps - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4208-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat to a stack-allocated string. When pgrep is compiled with FORTIFY as on Red Hat Enterprise Linux and Fedora, the impact is limited to a crash...
CVE-2018-1121
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's procpidreaddir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower...
CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code executi...
CVE-2018-1120
A flaw was found affecting the Linux kernel before version 4.17. By mmaping a FUSE-backed file onto a process's memory containing command line arguments or environment strings, an attacker can cause utilities from psutils or procps such as ps, w or any other program which makes a read call to the...
CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...
CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...
CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124...
UBUNTU-CVE-2018-1125
procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat to a stack-allocated string. When pgrep is compiled with FORTIFY as on Red Hat Enterprise Linux and Fedora, the impact is limited to a crash...
UBUNTU-CVE-2018-1124
procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code executi...
UBUNTU-CVE-2018-1121
procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's procpidreaddir returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower...
UBUNTU-CVE-2018-1126
procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc. leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124...
UBUNTU-CVE-2018-1123
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash temporary denial of service...
UBUNTU-CVE-2018-1122
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the configfile function...
PT-2018-1901
Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue is related to a stack buffer overflow error in the pgrep function of the procps-ng set of console applications for monitoring and terminating system processes. This error can be exploite...
PT-2018-10400
Name of the Vulnerable Software and Affected Versions procps-ng versions prior to 3.3.15 Description The issue allows an unprivileged attacker to hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This is achieved through a process occupying a...
SUSE-SU-2017:2674-1 Security update for Salt
This update for salt fixes one security issue and bugs: The following security issue has been fixed: - CVE-2017-12791: Directory traversal vulnerability in minion id validation allowed remote minions with incorrect credentials to authenticate to a master via a crafted minion ID bsc1053955...