#VU12975 Privilege escalation in procps - CVE-2018-1122
Published: May 22, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU12975
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2018-1122
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
procps
procps
Software vendor:
procps-ng
procps-ng
Description
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
The weakness exists due to top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. A local attacker can exploit one of several vulnerabilities in top's config_file() function, execute top in /tmp (for example) and gain elevated privileges.
Remediation
Update to version 3.3.15.