SB2019102606 - OpenSUSE Linux update for procps 



Published: October 26, 2019

Security Bulletin ID: SB2019102606
Severity: High
Patch available: YES
Number of vulnerabilities: 16
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 25%
Low: 75%

Description

This security bulletin contains information about 16 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2018-11224)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the in_table_init16 function in libavcodec/aacsbr.c. A remote attacker can perform a denial of service attack.


2) Command injection (CVE-ID: CVE-2018-11229)

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection in Crestron Toolbox Protocol (CTP). A remote unauthenticated attacker can submit a specially crafted input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


3) OS command injection (CVE-ID: CVE-2018-11228)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can submit a specially crafted input via a Bash shell service in Crestron Toolbox Protocol (CTP) and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


4) Privilege escalation (CVE-ID: CVE-2018-1122)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.

5) Buffer overflow (CVE-ID: CVE-2018-11237)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists because an AVX-512-optimized implementation of the mempcpy function may write data beyond the target buffer. A local attacker can trigger a buffer overflow in __mempcpy_avx512_no_vzeroupper and execute arbitrary code with elevated privileges.

6) Improper input validation (CVE-ID: CVE-2018-11233)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an input validation flaw in processing path names on NTFS-based systems. A remote attacker can supply specially crafted path names and read random memory contents.

7) Improper input validation (CVE-ID: CVE-2018-11235)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. A remote attacker can return specially crafted data to create or overwrite files on the target user's system when the repository is cloned and execute arbitrary code with elevated privileges.

8) Memory corruption (CVE-ID: CVE-2018-11236)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that is using 32-bit architecture, trigger an integer overflow condition that can lead to a stack-based buffer overflow and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Buffer overflow (CVE-ID: CVE-2018-1123)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists because ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). A remote attacker can trick the victim into opening a specially crafted input, overflow the output buffer of ps and cause the service to crash.

10) Improper input validation (CVE-ID: CVE-2018-11232)

The vulnerability allows a local unauthenticated attacker to cause a DoS condition on the target system.

The weakness exists in the etm_setup_aux function due to improper validation of parameters. A local attacker can send specially crafted requests and cause the service to crash.


11) Integer overflow (CVE-ID: CVE-2018-1124)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.

12) Privilege escalation (CVE-ID: CVE-2018-11258)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.


13) Buffer over-read (CVE-ID: CVE-2018-11251)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a specially crafted SUN image file. A remote attacker can perform a denial of service attack.


14) Stack-based buffer overflow (CVE-ID: CVE-2018-1125)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.


15) Privilege escalation (CVE-ID: CVE-2018-11260)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the Qualcomm component. A remote attacker can bypass user interaction requirements and gain elevated privileges.


16) Buffer overflow (CVE-ID: CVE-2018-1126)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper bounds checking. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.


Remediation

Install the update from the vendor's website.