Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cloudfoundryCloud FoundryCFOUNDRY:3AF1B4C88568790CEE3553421FBAC70F
HistoryJun 05, 2018 - 12:00 a.m.

USN-3658-1: procps-ng vulnerabilities | Cloud Foundry

2018-06-0500:00:00
Cloud Foundry
www.cloudfoundry.org
69

0.006 Low

EPSS

Percentile

78.0%

JSON

Severity

Medium

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 14.04

Description

It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122)

It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123)

It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124)

It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause de denial of service. (CVE-2018-1125)

It was discovered that procps-ng incorrectly handled memory. A local attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. (CVE-2018-1126)

Affected Cloud Foundry Products and Versions

Severity is medium unless otherwise noted.

  • Cloud Foundry BOSH stemcells are vulnerable, including:
    • 3363.x versions prior to 3363.64
    • 3421.x versions prior to 3421.64
    • 3445.x versions prior to 3445.49
    • 3468.x versions prior to 3468.47
    • 3541.x versions prior to 3541.30
    • 3586.x versions prior to 3586.16
    • All other stemcells not listed.
  • All versions of Cloud Foundry cflinuxfs2 prior to 1.210.0

Mitigation

OSS users are strongly encouraged to follow one of the mitigations below:

  • The Cloud Foundry project recommends upgrading the following BOSH stemcells:
    • Upgrade 3363.x versions to 3363.64
    • Upgrade 3421.x versions to 3421.64
    • Upgrade 3445.x versions to 3445.49
    • Upgrade 3468.x versions to 3468.47
    • Upgrade 3541.x versions to 3541.30
    • Upgrade 3586.x versions to 3586.16
    • All other stemcells should be upgraded to the latest version available on bosh.io.
  • The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 version 1.210.0 or later.

References

Related

nessus 66
debian 3
ibm 7
suse 4
openvas 25
osv 7
ubuntu 3
slackware 1
rosalinux 1
photon 4
packetstorm 1
exploitpack 1
redhat 11
ubuntucve 5
redhatcve 5
cve 5
nvd 5
cvelist 5
gentoo 1
oraclelinux 4
fedora 2
f5 3
amazon 2
centos 3
prion 5
debiancve 5
exploitdb 1
zdt 1
veracode 4
nessus
nessus
SUSE SLES11 Security Update : procps (SUSE-SU-2018:2042-1)
2018-07-24 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : procps-ng vulnerabilities (USN-3658-1)
2018-05-24 00:00:00
Debian DLA-1390-1 : procps security update
2018-06-05 00:00:00
debian
debian
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:25
[SECURITY] [DLA 1390-1] procps security update
2018-05-31 20:24:15
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:25
ibm
ibm
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in procps
2023-12-07 22:45:02
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps
2023-12-07 22:45:03
Security Bulletin: Vulnerabilities in procps affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-11 15:50:01
suse
suse
Security update for procps (important)
2019-10-26 00:00:00
Security update for procps (important)
2019-03-04 00:00:00
Security update for procps (important)
2019-10-26 00:00:00
openvas
openvas
openSUSE: Security Advisory for procps (openSUSE-SU-2018:1848-1)
2018-06-30 00:00:00
openSUSE: Security Advisory for procps (openSUSE-SU-2019:2376-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:1836-1)
2021-04-19 00:00:00
osv
osv
procps - security update
2018-05-22 00:00:00
procps - security update
2018-05-31 00:00:00
CVE-2018-1126
2018-05-23 13:29:00
ubuntu
ubuntu
procps-ng vulnerabilities
2018-05-23 00:00:00
procps-ng vulnerabilities
2018-08-16 00:00:00
procps-ng vulnerabilities
2018-06-05 00:00:00
slackware
slackware
[slackware-security] procps-ng
2018-05-23 06:37:37
rosalinux
rosalinux
Advisory ROSA-SA-2021-1956
2021-07-02 18:00:03
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0085
2018-08-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0175
2018-08-15 00:00:00
Critical Photon OS Security Update - PHSA-2018-0175
2018-08-15 00:00:00
packetstorm
packetstorm
Procps-ng Audit Report
2018-05-22 00:00:00
exploitpack
exploitpack
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
redhat
redhat
(RHSA-2018:2267) Important: procps security update
2018-07-26 11:32:54
(RHSA-2018:1820) Important: Red Hat Virtualization security, bug fix, and enhancement update
2018-06-11 06:46:17
(RHSA-2018:2268) Important: procps security update
2018-07-26 12:46:19
ubuntucve
ubuntucve
CVE-2018-1126
2018-05-17 00:00:00
CVE-2018-1123
2018-05-17 00:00:00
CVE-2018-1124
2018-05-17 00:00:00
redhatcve
redhatcve
CVE-2018-1126
2019-10-05 13:49:59
CVE-2018-1124
2018-05-18 05:21:11
CVE-2018-1122
2018-05-18 05:20:23
cve
cve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1123
2018-05-23 14:29:00
CVE-2018-1124
2018-05-23 13:29:00
nvd
nvd
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1123
2018-05-23 14:29:00
CVE-2018-1124
2018-05-23 13:29:00
cvelist
cvelist
CVE-2018-1126
2018-05-23 13:00:00
CVE-2018-1123
2018-05-23 14:00:00
CVE-2018-1124
2018-05-23 13:00:00
gentoo
gentoo
procps: Multiple vulnerabilities
2018-05-30 00:00:00
oraclelinux
oraclelinux
procps-ng security update
2018-05-23 00:00:00
procps security update
2018-05-31 00:00:00
procps-ng security and bug fix update
2019-08-13 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
2018-05-22 15:09:03
[SECURITY] Fedora 27 Update: procps-ng-3.3.10-16.fc27
2018-05-24 14:27:09
f5
f5
K83271321 : procps-ng vulnerability CVE-2018-1126
2020-12-28 00:00:00
K16124204 : procps-ng vulnerability CVE-2018-1124
2020-12-28 00:00:00
K00409335 : procps-ng vulnerability CVE-2018-1122
2020-12-29 00:00:00
amazon
amazon
Important: procps-ng
2018-06-07 23:26:00
Medium: procps-ng
2019-10-21 18:01:00
centos
centos
procps security update
2018-06-01 15:12:08
procps security update
2018-05-29 17:26:08
procps security update
2019-08-30 03:59:50
prion
prion
Integer overflow
2018-05-23 13:29:00
Buffer overflow
2018-05-23 14:29:00
Privilege escalation
2018-05-23 14:29:00
debiancve
debiancve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
CVE-2018-1123
2018-05-23 14:29:00
exploitdb
exploitdb
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
zdt
zdt
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
veracode
veracode
Integer Overflow
2019-05-16 03:00:36
Arbitrary Code Execution
2019-01-15 09:23:43
Privilege Escalation
2019-08-08 00:07:55

0.006 Low

EPSS

Percentile

78.0%

JSON
Related for CFOUNDRY:3AF1B4C88568790CEE3553421FBAC70F
nessus66debian3ibm7suse4openvas25osv7ubuntu3slackware1rosalinux1photon4packetstorm1exploitpack1redhat11ubuntucve5redhatcve5cve5nvd5cvelist5gentoo1oraclelinux4fedora2f53amazon2centos3prion5debiancve5exploitdb1zdt1veracode4