OpenSUSE Linux update for procps



Published: 2019-10-26
Risk High
Patch available YES
Number of vulnerabilities 16
CVE-ID CVE-2018-11224
CVE-2018-11229
CVE-2018-11228
CVE-2018-1122
CVE-2018-11237
CVE-2018-11233
CVE-2018-11235
CVE-2018-11236
CVE-2018-1123
CVE-2018-11232
CVE-2018-1124
CVE-2018-11258
CVE-2018-11251
CVE-2018-1125
CVE-2018-11260
CVE-2018-1126
CWE-ID CWE-20
CWE-77
CWE-78
CWE-264
CWE-120
CWE-119
CWE-190
CWE-125
CWE-121
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #11 is available.
Public exploit code for vulnerability #14 is available.
Public exploit code for vulnerability #16 is available.
Vulnerable software
Subscribe
Opensuse
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 16 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU19519

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2018-11224

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the in_table_init16 function in libavcodec/aacsbr.c. A remote attacker can perform denial of service attack.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Command injection

EUVDB-ID: #VU14301

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11229

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to command injection in Crestron Toolbox Protocol (CTP). A remote unauthenticated attacker can submit a specially crafted input and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) OS command injection

EUVDB-ID: #VU14300

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-11228

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote unauthenticated attacker can submit a specially crafted input via a Bash shell service in Crestron Toolbox Protocol (CTP) and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Privilege escalation

EUVDB-ID: #VU12975

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1122

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Buffer overflow

EUVDB-ID: #VU13200

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11237

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an AVX-512-optimized implementation of the mempcpy function may write data beyond the target buffer. A local attacker can trigger buffer overflow in __mempcpy_avx512_no_vzeroupper and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU13048

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11233

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to input validation flaw in processing path names on NTFS-based systems. A remote attacker can supply specially crafted path names and read random memory contents.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU13047

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-11235

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper validation of submodule "names" supplied via the untrusted .gitmodules file when appending them to the '$GIT_DIR/modules' directory. A remote attacker can return specially crafted data to create or overwrite files on the target user's system when the repository is cloned and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Memory corruption

EUVDB-ID: #VU13011

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11236

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the stdlib/canonicalize.c source code in the GNU glibc library due to improper processing of long pathname arguments to the realpath function. A local unauthenticated attacker can send long pathname arguments to a targeted system that is using 32-bit architecture, trigger an integer overflow condition that can lead to stack-based buffer overflow condition and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU12976

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1123

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). A remote attacker can trick the victim into opening a specially crafted input, overflow the output buffer of ps and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Improper input validation

EUVDB-ID: #VU12917

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11232

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local unauthenticated attacker to cause DoS condition on the target system. 

The weakness exists in the etm_setup_aux function due to improper validation of parameters. A local attacker can send specially crafted requests and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Integer overflow

EUVDB-ID: #VU12977

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1124

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Privilege escalation

EUVDB-ID: #VU14264

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11258

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a flaw in the Qualcomm closed-source components. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Buffer over-read

EUVDB-ID: #VU13581

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11251

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to heap-based buffer over-read in ReadSUNImage in coders/sun.c, which allows attackers to cause a denial of service (application crash in SetGrayscaleImage in MagickCore/quantize.c) via a specially crafted SUN image file. A remote attacker can perform a denial of service attack.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Stack-based buffer overflow

EUVDB-ID: #VU12993

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1125

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

15) Privilege escalation

EUVDB-ID: #VU14242

Risk: Low

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11260

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to flaws in the Qualcomm component. A remote attacker can bypass user interaction requirements and gain elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Buffer overflow

EUVDB-ID: #VU12992

Risk: High

CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-1126

CWE-ID: CWE-120 - Buffer overflow

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper bounds checking. A remote attacker can send a specially crafted request, trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Opensuse: 15.1

External links

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###