EulerOS Virtualization 2.5.1 : procps-ng (EulerOS-SA-2018-1326)

Medium Nessus Plugin ID 118414

Synopsis

The remote EulerOS Virtualization host is missing multiple security
updates.

Description

According to the versions of the procps-ng package installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :

- If the HOME environment variable is unset or empty, top
will read its configuration file from the current
working directory without any security check. If a user
runs top with HOME unset in an attacker-controlled
directory, the attacker could achieve privilege
escalation by exploiting one of several vulnerabilities
in the config_file() function.(CVE-2018-1122)

- Due to incorrect accounting when decoding and escaping
Unicode data in procfs, ps is vulnerable to overflowing
an mmap()ed region when formatting the process list for
display. Since ps maps a guard page at the end of the
buffer, impact is limited to a crash.(CVE-2018-1123)

- If an argument longer than INT_MAX bytes is given to
pgrep, 'int bytes' could wrap around back to a large
positive int (rather than approaching zero), leading to
a stack buffer overflow via strncat().(CVE-2018-1125)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution

Update the affected procps-ng packages.

See Also

http://www.nessus.org/u?1fc341aa

Plugin Details

Severity: Medium

ID: 118414

File Name: EulerOS_SA-2018-1326.nasl

Version: 1.2

Type: local

Published: 2018/10/26

Modified: 2018/11/13

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:procps-ng, cpe:/o:huawei:euleros:uvp:2.5.1

Patch Publication Date: 2018/09/24

Reference Information

CVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1125