Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBD0CE68DF3C6CE3CDA36F85810075B12F5202DF0CB913DA29669954A0DDE15EC
HistoryDec 19, 2018 - 8:15 p.m.

Security Bulletin: IBM Security Guardium is affected by a Using Components with Known Vulnerabilities (procps) vulnerability

2018-12-1920:15:02
www.ibm.com
13

0.005 Low

EPSS

Percentile

77.6%

JSON

Summary

IBM Security Guardium has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2018-1126 DESCRIPTION: procps-ng procps is vulnerable to a buffer overflow, caused by improper bounds checking. By sending a specially-crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVSS Base Score: 7.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143456&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2018-1124 DESCRIPTION: procps-ng procps could allow a local authenticated attacker to gain elevated privileges on the system, caused by an integer overflow in the file2strvec function in libprocps. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base Score: 7.8
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143454&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected IBM Security Guardium

|

Affected Versions

—|—
IBM Security Guardium | 10.0 - 10.5

Remediation/Fixes

Product

|

VRMF

|

Remediation / First Fix

—|—|—
IBM Security Guardium | 10.0 - 10.5 |

Customers can upgrade to version 10.6 by downloading from here:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p600_GPU_Nov-2018-V10.6&amp;includeSupersedes=0&amp;source=fc
Or
Customers currently on version 10.5 with patch 10.0p512 installed can upgrade version 10.5 with bundle 10.0p520 from here:
http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=All&amp;function=fixId&amp;fixids=SqlGuard_10.0p520_Bundle_Dec-06-2018&amp;includeSupersedes=0&amp;source=fc

Workarounds and Mitigations

None

Related

oraclelinux 2
nessus 46
fedora 2
f5 2
ibm 6
amazon 1
redhat 7
openvas 22
osv 4
cve 2
nvd 2
cvelist 2
redhatcve 2
ubuntucve 2
centos 2
ubuntu 2
prion 2
debiancve 2
rosalinux 1
suse 4
cloudfoundry 1
debian 3
slackware 1
veracode 2
packetstorm 1
photon 4
exploitpack 1
exploitdb 1
gentoo 1
zdt 1
oraclelinux
oraclelinux
procps-ng security update
2018-05-23 00:00:00
procps security update
2018-05-31 00:00:00
nessus
nessus
RHEL 6 : procps (RHSA-2018:2267)
2018-07-27 00:00:00
Scientific Linux Security Update : procps-ng on SL7.x x86_64 (20180523)
2018-05-24 00:00:00
NewStart CGSL MAIN 4.05 : procps Multiple Vulnerabilities (NS-SA-2019-0155)
2019-08-12 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
2018-05-22 15:09:03
[SECURITY] Fedora 27 Update: procps-ng-3.3.10-16.fc27
2018-05-24 14:27:09
f5
f5
K83271321 : procps-ng vulnerability CVE-2018-1126
2020-12-28 00:00:00
K16124204 : procps-ng vulnerability CVE-2018-1124
2020-12-28 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by procps-ng procps vulnerabilities
2018-07-25 14:34:03
Security Bulletin: Vulnerabilities in procps-ng affect PowerKVM
2018-07-07 00:00:18
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in procps
2023-12-07 22:45:03
amazon
amazon
Important: procps-ng
2018-06-07 23:26:00
redhat
redhat
(RHSA-2019:1944) Important: procps-ng security update
2019-07-30 08:22:54
(RHSA-2018:2268) Important: procps security update
2018-07-26 12:46:19
(RHSA-2018:2267) Important: procps security update
2018-07-26 11:32:54
openvas
openvas
CentOS Update for procps CESA-2018:1777 centos6
2018-06-02 00:00:00
Huawei EulerOS: Security Advisory for procps-ng (EulerOS-SA-2018-1274)
2020-01-23 00:00:00
Fedora Update for procps-ng FEDORA-2018-bba8fed5ab
2018-05-23 00:00:00
osv
osv
CVE-2018-1126
2018-05-23 13:29:00
procps - security update
2018-05-22 00:00:00
procps - security update
2018-05-31 00:00:00
cve
cve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
nvd
nvd
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
cvelist
cvelist
CVE-2018-1126
2018-05-23 13:00:00
CVE-2018-1124
2018-05-23 13:00:00
redhatcve
redhatcve
CVE-2018-1126
2019-10-05 13:49:59
CVE-2018-1124
2018-05-18 05:21:11
ubuntucve
ubuntucve
CVE-2018-1126
2018-05-17 00:00:00
CVE-2018-1124
2018-05-17 00:00:00
centos
centos
procps security update
2018-06-01 15:12:08
procps security update
2018-05-29 17:26:08
ubuntu
ubuntu
procps-ng vulnerabilities
2018-06-05 00:00:00
procps-ng vulnerabilities
2018-05-23 00:00:00
prion
prion
Integer overflow
2018-05-23 13:29:00
Integer overflow
2018-05-23 13:29:00
debiancve
debiancve
CVE-2018-1126
2018-05-23 13:29:00
CVE-2018-1124
2018-05-23 13:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1956
2021-07-02 18:00:03
suse
suse
Security update for procps (important)
2019-03-04 00:00:00
Security update for procps (important)
2019-10-26 00:00:00
Security update for procps (moderate)
2018-06-29 15:30:55
cloudfoundry
cloudfoundry
USN-3658-1: procps-ng vulnerabilities | Cloud Foundry
2018-06-05 00:00:00
debian
debian
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:25
[SECURITY] [DLA 1390-1] procps security update
2018-05-31 20:24:15
[SECURITY] [DSA 4208-1] procps security update
2018-05-22 15:45:25
slackware
slackware
[slackware-security] procps-ng
2018-05-23 06:37:37
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:23:43
Integer Overflow
2019-05-16 03:00:36
packetstorm
packetstorm
Procps-ng Audit Report
2018-05-22 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0085
2018-08-15 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0175
2018-08-15 00:00:00
Critical Photon OS Security Update - PHSA-2018-0175
2018-08-15 00:00:00
exploitpack
exploitpack
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
exploitdb
exploitdb
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00
gentoo
gentoo
procps: Multiple vulnerabilities
2018-05-30 00:00:00
zdt
zdt
Procps-ng - Multiple Vulnerabilities
2018-05-30 00:00:00

0.005 Low

EPSS

Percentile

77.6%

JSON
Related for BD0CE68DF3C6CE3CDA36F85810075B12F5202DF0CB913DA29669954A0DDE15EC
oraclelinux2nessus46fedora2f52ibm6amazon1redhat7openvas22osv4cve2nvd2cvelist2redhatcve2ubuntucve2centos2ubuntu2prion2debiancve2rosalinux1suse4cloudfoundry1debian3slackware1veracode2packetstorm1photon4exploitpack1exploitdb1gentoo1zdt1