7.3
CVE-2018-1122
- EPSS 1.3%
- Veröffentlicht 23.05.2018 14:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:13
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Procps-ng Project ≫ Procps-ng Version < 3.3.15
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version14.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version17.10
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Debian ≫ Debian Linux Version7.0
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.3% | 0.667 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7 | 1 | 5.9 |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
| secalert@redhat.com | 7.3 | 1.3 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-829 Inclusion of Functionality from Untrusted Control Sphere
The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
http://seclists.org/oss-sec/2018/q2/122
http://www.securityfocus.com/bid/104214
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
https://security.gentoo.org/glsa/201805-14
https://usn.ubuntu.com/3658-1/
https://www.debian.org/security/2018/dsa-4208
https://www.exploit-db.com/exploits/44806/
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
https://access.redhat.com/errata/RHSA-2019:2189
https://access.redhat.com/errata/RHSA-2020:0595
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122
https://usn.ubuntu.com/3658-3/