Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-1122

CWE-829 | 12 documents | 9 sources
Severity: 7.0 HIGH
EPSS: 0.3% (top 51.48%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 23 | Latest update May 13

Description

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.3 | Impact: 5.9

Affected Packages (3 packages)

Debian: procps < 2:3.3.15-1 (+3)
Ubuntu: procps < 1:3.3.9-1ubuntu2.3 (+2)

Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10, 18.04

🔓 Vulnerability Details (4)

GHSA | GHSA-mphr-mvhq-p32f: procps-ng before version 3 | 2022-05-13
OSV | CVE-2018-1122: procps-ng before version 3 | 2018-05-23
CVEList | CVE-2018-1122: procps-ng before version 3 | 2018-05-23
OSV | procps vulnerabilities | 2018-05-23

💥 Exploits & PoCs (1)

Exploit-DB | Procps-ng - Multiple Vulnerabilities | 2018-05-30

📋 Vendor Advisories (4)

Ubuntu | procps-ng vulnerabilities | 2018-08-16
Ubuntu | procps-ng vulnerabilities | 2018-05-23
Red Hat | procps: Local privilege escalation in top | 2018-05-17
Debian | CVE-2018-1122: procps - procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in... | 2018

💬 Community (2)

Bugzilla | CVE-2018-1122 procps-ng: procps-ng, procps: Local privilege escalation in top [fedora-28] | 2018-05-18
Bugzilla | CVE-2018-1122 procps-ng, procps: Local privilege escalation in top | 2018-05-07