Main
Vulnerability Database
Exploits
ID:6362 - Exploit for Privilege escalation in procps - CVE-2018-1122
ID:6362 - Exploit for Privilege escalation in procps - CVE-2018-1122
Published: June 17, 2021
Vulnerability identifier: #VU12975
Vulnerability risk: Low
CVE-ID: CVE-2018-1122
CWE-ID: CWE-264
Exploitation vector: Local access
Vulnerable software:
procps
procps
Link to public exploit:
Vulnerability description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
Remediation
Update to version 3.3.15.