Detections
Analytics

openSUSE Security Update : procps (openSUSE-2019-2376)

critical Nessus Plugin ID 130333

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for procps fixes the following issues :

procps was updated to 3.3.15. (bsc#1092100)

Following security issues were fixed :

 - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100).

 - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100).

 - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function.
 This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100).

 - CVE-2018-1125: Prevent stack-based buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100).

 - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100).

Also this non-security issue was fixed :

 - Fix CPU summary showing old data. (bsc#1121753)

The update to 3.3.15 contains the following fixes :

 - library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures

 - library: Just check for SIGLOST and don't delete it

 - library: Fix integer overflow and LPE in file2strvec CVE-2018-1124

 - library: Use size_t for alloc functions CVE-2018-1126

 - library: Increase comm size to 64

 - pgrep: Fix stack-based buffer overflow CVE-2018-1125

 - pgrep: Remove >15 warning as comm can be longer

 - ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123

 - ps: Increase command name selection field to 64

 - top: Don't use cwd for location of config CVE-2018-1122

 - update translations

 - library: build on non-glibc systems

 - free: fix scaling on 32-bit systems

 - Revert 'Support running with child namespaces'

 - library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler

 - doc: Document I idle state in ps.1 and top.1

 - free: fix some of the SI multiples

 - kill: -l space between name parses correctly

 - library: dont use vm_min_free on non Linux

 - library: don't strip off wchan prefixes (ps & top)

 - pgrep: warn about 15+ char name only if -f not used

 - pgrep/pkill: only match in same namespace by default

 - pidof: specify separator between pids

 - pkill: Return 0 only if we can kill process

 - pmap: fix duplicate output line under '-x' option

 - ps: avoid eip/esp address truncations

 - ps: recognizes SCHED_DEADLINE as valid CPU scheduler

 - ps: display NUMA node under which a thread ran

 - ps: Add seconds display for cputime and time

 - ps: Add LUID field

 - sysctl: Permit empty string for value

 - sysctl: Don't segv when file not available

 - sysctl: Read and write large buffers

 - top: add config file support for XDG specification

 - top: eliminated minor libnuma memory leak

 - top: show fewer memory decimal places (configurable)

 - top: provide command line switch for memory scaling

 - top: provide command line switch for CPU States

 - top: provides more accurate cpu usage at startup

 - top: display NUMA node under which a thread ran

 - top: fix argument parsing quirk resulting in SEGV

 - top: delay interval accepts non-locale radix point

 - top: address a wishlist man page NLS suggestion

 - top: fix potential distortion in 'Mem' graph display

 - top: provide proper multi-byte string handling

 - top: startup defaults are fully customizable

 - watch: define HOST_NAME_MAX where not defined

 - vmstat: Fix alignment for disk partition format

 - watch: Support ANSI 39,49 reset sequences

This update was imported from the SUSE:SLE-15:Update update project.

Solution

Update the affected procps packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1092100

https://bugzilla.opensuse.org/show_bug.cgi?id=1121753

Plugin Details

Severity: Critical

ID: 130333

File Name: openSUSE-2019-2376.nasl

Version: 1.2

Type: local

Agent: unix

Published: 10/28/2019

Updated: 12/18/2019

Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libprocps7, p-cpe:/a:novell:opensuse:libprocps7-debuginfo, p-cpe:/a:novell:opensuse:procps, p-cpe:/a:novell:opensuse:procps-debuginfo, p-cpe:/a:novell:opensuse:procps-debugsource, p-cpe:/a:novell:opensuse:procps-devel, cpe:/o:novell:opensuse:15.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/26/2019

Vulnerability Publication Date: 5/23/2018

Reference Information

CVE: CVE-2018-1122, CVE-2018-1123, CVE-2018-1124, CVE-2018-1125, CVE-2018-1126