
Debian 7 Wheezy: DLA-1390-1 High: Procps Privilege Escalation Risks

debian lts
May 31, 2018
Numerous vulnerabilities have been addressed in procps for Debian 7 Wheezy. It is advisable to upgrade to minimize potential threats.
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs

Summary

CVE-2018-1122

top read its configuration from the current working directory if no
$HOME was configured. If top were started from a directory writable
by the attacker (such as /tmp) this could result in local privilege
escalation.

CVE-2018-1123

Denial of service against the ps invocation of another user.

CVE-2018-1124

An integer overflow in the file2strvec() function of libprocps could
result in local privilege escalation.

CVE-2018-1125

A stack-based buffer overflow in pgrep could result in denial
of service for a user using pgrep for inspecting a specially
crafted process.

CVE-2018-1126

Incorrect integer size parameters used in wrappers for standard C
allocators could cause integer truncation and lead to integer
overflow issues.
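The bug class described for CVE-2018-1126, shown as an added C illustration that is not procps source code: a size parameter narrower than `size_t` beside the corrected form. The wrapper and helper names and the sample size are hypothetical, and an LP64 platform (32-bit `unsigned int`, 64-bit `size_t`) is assumed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical weak wrapper: unsigned int drops the high bits of a size_t. */
static void *xmalloc_narrow(unsigned int size, size_t *asked)
{
    *asked = size;                       /* bytes malloc() is really asked for */
    return malloc(size ? size : 1);
}

/* Corrected wrapper: size_t end to end, nothing is lost at the call. */
static void *xmalloc_wide(size_t size, size_t *asked)
{
    *asked = size;
    return malloc(size ? size : 1);      /* may fail, but is never undersized */
}

/* Corrected array wrapper: refuse nmemb * size products that would wrap. */
static void *xcalloc_checked(size_t nmemb, size_t size)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return NULL;
    return calloc(nmemb, size);
}

/* Bytes each wrapper really requests when the caller wants 'want'. */
static size_t narrow_asked(size_t want)
{
    size_t asked;
    free(xmalloc_narrow(want, &asked));  /* implicit size_t -> unsigned int */
    return asked;
}

static size_t wide_asked(size_t want)
{
    size_t asked;
    free(xmalloc_wide(want, &asked));
    return asked;
}

int main(void)
{
    size_t want = (size_t)UINT_MAX + 17; /* constructed: 4 GiB + 16 on LP64 */
    printf("wanted %zu: narrow asks %zu, wide asks %zu, wrapping calloc %s\n",
           want, narrow_asked(want), wide_asked(want),
           xcalloc_checked(SIZE_MAX / 2, 4) ? "granted" : "refused");
    return 0;
}
```

Compiling with `-Wconversion` flags the implicit narrowing at the `xmalloc_narrow` call, which makes it a useful audit flag for wrappers of this kind.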


For Debian 7 "Wheezy", these problems have been fixed in version
1:3.3.3.3+deb7u1.

We recommend that you upgrade your procps packages.

The Debian LTS team would like to thank Abhijith PA for preparing this update.

Read the Full Advisory


Package: procps
Version: 1:3.3.3.3+deb7u1
CVE ID: CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125
Debian Bug: #899170
