CVE-2018-1123
Published 2018-05-23
Priority P349 · high · 7.5 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EXPLOIT
EPSS: 9.08% (94.7th percentile)
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | procps | < procps 2:3.3.15-1 (bookworm) | procps 2:3.3.15-1 (bookworm) |
| paloalto | pan-os | — | — |
| procps-ng_project | procps-ng | < 3.3.15 | 3.3.15 |
| procps_project | procps | >= 0 < 2:3.3.15-1 | 2:3.3.15-1 |
| procps_project | procps | >= 0 < 2:3.3.15-1 | 2:3.3.15-1 |
| procps_project | procps | >= 0 < 2:3.3.15-1 | 2:3.3.15-1 |
| procps_project | procps | >= 0 < 2:3.3.15-1 | 2:3.3.15-1 |
| procps_project | procps | >= 0 < 1:3.3.9-1ubuntu2.3 | 1:3.3.9-1ubuntu2.3 |
| procps_project | procps | >= 0 < 2:3.3.10-4ubuntu2.4 | 2:3.3.10-4ubuntu2.4 |
| procps_project | procps | >= 0 < 2:3.3.12-3ubuntu1.1 | 2:3.3.12-3ubuntu1.1 |
CVSS provenance
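| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 7.5 | HIGH | — |
| vendor_ubuntu | — | 7.3 | HIGH | — |
| vendor_debian | — | 3.9 | LOW | — |
| vendor_redhat | — | 3.9 | LOW | — |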
GHSA
GHSA-3vgv-cg7r-qgvj: procps-ng before version 3
ghsa_unreviewed·2022-05-13
CVE-2018-1123 [HIGH] CWE-122 GHSA-3vgv-cg7r-qgvj: procps-ng before version 3
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
OSV
CVE-2018-1123: procps-ng before version 3
osv·2018-05-23·CVSS 7.5
CVE-2018-1123 [HIGH] CVE-2018-1123: procps-ng before version 3
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
OSV
procps vulnerabilities
osv·2018-05-23·CVSS 7.0
CVE-2018-1122 [HIGH] procps vulnerabilities
It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122)
It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123)
It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124)
It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-1125)
It was discovered that procps-ng incorrectly handled memory.
Palo Alto
PAN
vendor_paloalto·2020-07-08·CVSS 9.8
CVE-2013-7459 [CRITICAL] PAN
The Palo Alto Networks Product Security Assurance team has evaluated and determined that these third-party or open source vulnerabilities do not have any security impact on PAN-OS or that the scenarios required for successful
CVEs: CVE-2013-7459, CVE-2018-1120, CVE-2018-1121, CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-16402, CVE-2020-11022, CVE-2020-11023, CVE-2020-11896, CVE-2020-11897, CVE-2020-11898, CVE-2020-11899, CVE-2020-11900, CVE-2020-11901, CVE-2020-11902, CVE-2020-11903, CVE-2020-11904, CVE-2020-11905, CVE-2020-11906, CVE-2020-11907, CVE-2020-11908, CVE-2020-11909, CVE-2020-11910, CVE-2020-11911, CVE-2020-11912, CVE-2020-11913, CVE-2020-11914
Affected products: PAN-OS
Ubuntu
procps-ng vulnerabilities
vendor_ubuntu·2018-08-16·CVSS 7.3
CVE-2018-1122 [HIGH] procps-ng vulnerabilities
Title: procps-ng vulnerabilities
Summary: Several security issues were fixed in procps-ng.
USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122)
It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123)
It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause a denial of service. (CVE-2018-1125)
Instructions:
Ubuntu
procps-ng vulnerabilities
vendor_ubuntu·2018-05-23·CVSS 7.3
CVE-2018-1122 [HIGH] procps-ng vulnerabilities
Title: procps-ng vulnerabilities
Summary: Several security issues were fixed in procps-ng.
It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. (CVE-2018-1122)
It was discovered that the procps-ng ps tool incorrectly handled memory. A local user could possibly use this issue to cause a denial of service. (CVE-2018-1123)
It was discovered that libprocps incorrectly handled the file2strvec() function. A local attacker could possibly use this to execute arbitrary code. (CVE-2018-1124)
It was discovered that the procps-ng pgrep utility incorrectly handled memory. A local attacker could possibly use this issue to cause a denial of service. (CVE-201
Red Hat
procps: denial of service in ps via mmap buffer overflow
vendor_redhat·2018-05-17·CVSS 3.9
CVE-2018-1123 [LOW] CWE-122 procps: denial of service in ps via mmap buffer overflow
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display. Since ps maps a guard page at the end of the buffer, impact is limited to a crash.
Package: procps (Red Hat Enterprise Linux 5) - Will not fix
Package: procps (Red Hat Enterprise Linux 6) - Will not fix
Package: procps-ng (Red Hat Enterprise Linux 7) - Will not fix
Package: procps-ng (Red
Debian
CVE-2018-1123: procps - procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via m...
vendor_debian·2018·CVSS 3.9
CVE-2018-1123 [LOW] CVE-2018-1123: procps - procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via m...
procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Scope: local
bookworm: resolved (fixed in 2:3.3.15-1)
bullseye: resolved (fixed in 2:3.3.15-1)
forky: resolved (fixed in 2:3.3.15-1)
sid: resolved (fixed in 2:3.3.15-1)
trixie: resolved (fixed in 2:3.3.15-1)
No detection rules found.
Bugzilla
CVE-2018-14423 openjpeg2: Division-by-zero vulnerabilities in lib/openjp3d/pi.c
bugzilla·2018-07-30·CVSS 7.5
CVE-2018-14423 [HIGH] CVE-2018-14423 openjpeg2: Division-by-zero vulnerabilities in lib/openjp3d/pi.c
A flaw was found in OpenJPEG through 2.3.0. Division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c allow remote attackers to cause a denial of service (application crash).
References:
https://github.com/uclouvain/openjpeg/issues/1123
Discussion:
Created mingw-openjpeg2 tracking bugs for this issue:
Affects: fedora-all [bug 1609912]
Created openjpeg2 tracking bugs for this issue:
Affects: epel-all [bug 1609911]
Affects: fedora-all [bug 1609910]
Bugzilla
CVE-2018-1123 procps-ng, procps: denial of service in ps via mmap buffer overflow
bugzilla·2018-05-07·CVSS 3.9
CVE-2018-1123 [LOW] CVE-2018-1123 procps-ng, procps: denial of service in ps via mmap buffer overflow
Due to incorrect accounting when decoding and escaping Unicode data in procfs, ps is vulnerable to overflowing an mmap()ed region when formatting the process list for display.
Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).
Discussion:
Created attachment 1433615
Proposed patch
---
Fixing this is best done by:
1. adjusting the calculation of OUTBUF_SIZE as needed for Unicode
2. limiting the amount of data that is read from /proc/*/* files
The proposed OUTBUF_SIZE_AT may solve the crash, but it adds slowness and does nothing to solve the denial-of-service that can hit when ps (or t
References:
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html
http://seclists.org/oss-sec/2018/q2/122
http://www.securityfocus.com/bid/104214
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1123
https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html
https://security.gentoo.org/glsa/201805-14
https://usn.ubuntu.com/3658-1/
https://usn.ubuntu.com/3658-3/
https://www.debian.org/security/2018/dsa-4208
https://www.exploit-db.com/exploits/44806/
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt