Wind River Support Network

HomeDefectsLIN9-6895
Fixed

LIN9-6895 : Security Advisory - procps - CVE-2018-1122

Created: May 24, 2018    Updated: Aug 28, 2018
Resolved Date: May 29, 2018
Found In Version: 9.0.0.15
Fix Version: 9.0.0.16
Severity: Standard
Applicable for: Wind River Linux 9
Component/s: Userspace

Description

Local Privilege Escalation in top

top reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. In this very unlikely scenario, an attacker can carry out an LPE (Local Privilege Escalation) if an administrator executes top in /tmp (for example), by exploiting one of several vulnerabilities in top's config_file() function.

https://security.archlinux.org/CVE-2018-1122
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

CVEs


Live chat
Online