SB2018070203 - OpenSUSE Linux update for procps




Published: July 2, 2018

Security Bulletin ID: SB2018070203
Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

High: 40%, Low: 60%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2018-1122)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
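The configuration lookup described above, as an added C example that is not procps code: it contrasts the fall-back-to-current-directory pattern with a stricter lookup and an ownership and permission check before the file is read. The function names, the `.<name>rc` file naming and the trust policy are assumptions made for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern described above: an unset or empty HOME becomes ".", i.e. the cwd. */
int rc_path_fallback_cwd(const char *home, const char *name, char *out, size_t n)
{
    if (home == NULL || home[0] == '\0')
        home = ".";
    int len = snprintf(out, n, "%s/.%src", home, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Hardened: without an absolute HOME there is no rc file at all (a relative
 * HOME is refused too, an extra assumption, as it resolves against the cwd). */
int rc_path_strict(const char *home, const char *name, char *out, size_t n)
{
    if (home == NULL || home[0] != '/')
        return -1;
    int len = snprintf(out, n, "%s/.%src", home, name);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Returns an fd only for a regular file owned by the caller or root and not
 * writable by group/others; fstat() on the fd avoids a check-then-open race. */
int rc_open_trusted(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        (st.st_uid != geteuid() && st.st_uid != 0) ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char p[4096];
    int fd = rc_path_strict(getenv("HOME"), "top", p, sizeof p) ? -1 : rc_open_trusted(p);
    printf("%s\n", fd >= 0 ? "rc file accepted" : "no trusted rc file, using defaults");
    return 0;
}
```

With the strict lookup, a process started with HOME unset falls back to built-in defaults instead of parsing whatever file sits in the directory it was launched from.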

2) Buffer overflow (CVE-ID: CVE-2018-1123)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists because ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). A remote attacker can trick the victim into opening a specially crafted input, overflow the output buffer of ps and cause the service to crash.

3) Integer overflow (CVE-ID: CVE-2018-1124)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.

4) Stack-based buffer overflow (CVE-ID: CVE-2018-1125)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.


5) Buffer overflow (CVE-ID: CVE-2018-1126)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper bounds checking. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install the update from the vendor's website.