Vulnera Bili Dad Es 12
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
Package            Installed Version             Required Version
kernel             3.10.0-693.17.1.el7.x86_64    3.10.0-1062.12.1.el7
kernel-tools       3.10.0-693.17.1.el7.x86_64    3.10.0-1062.12.1.el7
kernel-tools-libs  3.10.0-693.17.1.el7.x86_64    3.10.0-1062.12.1.el7
python-perf        3.10.0-693.17.1.el7.x86_64    3.10.0-1062.12.1.el7
4 Red Hat Update for procps-ng (RHSA-2018:1700) CVSS: - CVSS3: 8.8 Active
CVSS Environment:
Asset Group: -
Collateral Damage Potential: -
Target Distribution: -
Confidentiality Requirement: -
Integrity Requirement: -
Availability Requirement: -
THREAT:
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top,
uptime, vmstat, w, watch, and pwdx.
Security Fixes:
procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
Affected Products:
Red Hat Enterprise Linux Server 7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
Red Hat Enterprise Linux Workstation 7 x86_64
Red Hat Enterprise Linux Desktop 7 x86_64
Red Hat Enterprise Linux for IBM z Systems 7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
Red Hat Enterprise Linux for Power, big endian 7 ppc64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x
IMPACT:
On successful exploitation it could allow an attacker to execute code.
SOLUTION:
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system (https://access.redhat.com/articles/11258) for details.
Refer to Red Hat security advisory RHSA-2018:1700 (https://access.redhat.com/errata/RHSA-2018:1700) to address this issue and obtain more information.
Patch: