CVE-2018-1122
23.05.2018, 14:29
procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| procps-ng_project | procps-ng | 𝑥 < 3.3.15 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
| canonical | ubuntu_linux | 18.04 |
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| libprocps3 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libprocps7 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| libprocps8 |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| procps |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| procps-devel |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References