Main
Vulnerability Database
Exploits
ID:6360 - Exploit for Integer overflow in procps - CVE-2018-1124
ID:6360 - Exploit for Integer overflow in procps - CVE-2018-1124
Published: June 17, 2021
Vulnerability identifier: #VU12977
Vulnerability risk: Low
CVE-ID: CVE-2018-1124
CWE-ID: CWE-190
Exploitation vector: Local access
Vulnerable software:
procps
procps
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.
The weakness exists due to integer overflow in libprocps's file2strvec() function. A local attacker can execute a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options) and gain elevated privileges.
Remediation
Update to version 3.3.15.