
Not Applicable

EXPLOITABILITY:
There is no exploitability information for this vulnerability.

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
Package            Installed Version               Required Version
kernel             3.10.0-693.17.1.el7.x86_64      3.10.0-1062.12.1.el7
kernel-tools       3.10.0-693.17.1.el7.x86_64      3.10.0-1062.12.1.el7
kernel-tools-libs  3.10.0-693.17.1.el7.x86_64      3.10.0-1062.12.1.el7
python-perf        3.10.0-693.17.1.el7.x86_64      3.10.0-1062.12.1.el7

4 Red Hat Update for procps-ng (RHSA-2018:1700) CVSS: - CVSS3: 8.8 Active

QID: 236824
Category: RedHat
CVE ID: CVE-2018-1124, CVE-2018-1126
Vendor Reference: RHSA-2018:1700
Bugtraq ID: 104214
Service Modified: 28/05/2018
User Modified: -
CVSS Base: 7.5
CVSS Temporal: 5.9
CVSS3 Base: 9.8
CVSS3 Temporal: 8.8
Edited: No
PCI Vuln: Yes
Ticket State:

First Detected: 09/02/2021 at 11:01:52 PM (GMT+0100)


Last Detected: 11/02/2021 at 09:54:24 PM (GMT+0100)
Times Detected: 11
Last Fixed: N/A

CVSS Environment:
Asset Group: -
Collateral Damage Potential: -
Target Distribution: -
Confidentiality Requirement: -
Integrity Requirement: -
Availability Requirement: -

THREAT:
The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx.
Security Fixes:
  procps-ng, procps: Integer overflows leading to heap overflow in file2strvec (CVE-2018-1124)
  procps-ng, procps: incorrect integer size in proc/alloc.* leading to truncation / integer overflow issues (CVE-2018-1126)
Affected Products:
  Red Hat Enterprise Linux Server 7 x86_64
  Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  Red Hat Enterprise Linux Workstation 7 x86_64
  Red Hat Enterprise Linux Desktop 7 x86_64
  Red Hat Enterprise Linux for IBM z Systems 7 s390x
  Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  Red Hat Enterprise Linux for Power, big endian 7 ppc64
  Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  Red Hat Enterprise Linux for Power, little endian 7 ppc64le
  Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
  Red Hat Enterprise Linux for ARM 64 7 aarch64
  Red Hat Enterprise Linux for Power 9 7 ppc64le
  Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

IMPACT:
Successful exploitation could allow an attacker to execute code.

SOLUTION:
Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system (https://access.redhat.com/articles/11258) for details.
Refer to Red Hat security advisory RHSA-2018:1700 (https://access.redhat.com/errata/RHSA-2018:1700) to address this issue and obtain more information.
Patch:
