
{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20191749",
"Version": "oval:org.altlinux.errata:def:20191749",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2019-1749: package `procps` update to version 3.3.15-alt1.git2f79ff3bc6a7ad",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c10f1"
],
"Products": [
"ALT SP Workstation",
"ALT SP Server"
]
}
],
"References": [
{
"RefID": "ALT-PU-2019-1749",
"RefURL": "https://errata.altlinux.org/ALT-PU-2019-1749",
"Source": "ALTPU"
},
{
"RefID": "BDU:2018-01505",
"RefURL": "https://bdu.fstec.ru/vul/2018-01505",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00182",
"RefURL": "https://bdu.fstec.ru/vul/2019-00182",
"Source": "BDU"
},
{
"RefID": "BDU:2019-00250",
"RefURL": "https://bdu.fstec.ru/vul/2019-00250",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03291",
"RefURL": "https://bdu.fstec.ru/vul/2020-03291",
"Source": "BDU"
},
{
"RefID": "BDU:2020-03292",
"RefURL": "https://bdu.fstec.ru/vul/2020-03292",
"Source": "BDU"
},
{
"RefID": "CVE-2018-1122",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1123",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1123",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1124",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1125",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1125",
"Source": "CVE"
},
{
"RefID": "CVE-2018-1126",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"Source": "CVE"
}
],
"Description": "This update upgrades procps to version 3.3.15-alt1.git2f79ff3bc6a7ad. \nSecurity Fix(es):\n\n * BDU:2018-01505: Уязвимость функции pgrep набора консольных приложений для мониторинга и завершения системных процессов Props-ng, позволяющая нарушителю вызвать отказ в обслуживании\n\n * BDU:2019-00182: Уязвимость функции file2strvec набора консольных приложений для мониторинга и завершения системных процессов Props-ng, позволяющая нарушителю выполнить произвольный код\n\n * BDU:2019-00250: Уязвимость функции file2strvec набора утилит командной строки procps-ng, позволяющая нарушителю повысить привилегии и выполнить произвольный код\n\n * BDU:2020-03291: Уязвимость функции config_file() набора утилит командной строки procps-ng, позволяющая нарушителю повысить свои привилегии\n\n * BDU:2020-03292: Уязвимость набора утилит командной строки procps-ng, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю повысить свои привилегии\n\n * CVE-2018-1122: procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.\n\n * CVE-2018-1123: procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).\n\n * CVE-2018-1124: procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. 
This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.\n\n * CVE-2018-1125: procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.\n\n * CVE-2018-1126: procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2019-04-29"
},
"Updated": {
"Date": "2019-04-29"
},
"BDUs": [
{
"ID": "BDU:2018-01505",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119",
"Href": "https://bdu.fstec.ru/vul/2018-01505",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "BDU:2019-00182",
"CVSS": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-00182",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "BDU:2019-00250",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"CWE": "CWE-190",
"Href": "https://bdu.fstec.ru/vul/2019-00250",
"Impact": "Critical",
"Public": "20180523"
},
{
"ID": "BDU:2020-03291",
"CVSS": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-829",
"Href": "https://bdu.fstec.ru/vul/2020-03291",
"Impact": "High",
"Public": "20180507"
},
{
"ID": "BDU:2020-03292",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-119, CWE-122",
"Href": "https://bdu.fstec.ru/vul/2020-03292",
"Impact": "High",
"Public": "20180507"
}
],
"CVEs": [
{
"ID": "CVE-2018-1122",
"CVSS": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "NVD-CWE-noinfo",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1122",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "CVE-2018-1123",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1123",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "CVE-2018-1124",
"CVSS": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1124",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "CVE-2018-1125",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-787",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1125",
"Impact": "High",
"Public": "20180523"
},
{
"ID": "CVE-2018-1126",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-190",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2018-1126",
"Impact": "Critical",
"Public": "20180523"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:10",
"cpe:/o:alt:spserver:10"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:5001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20191749001",
"Comment": "libprocps is earlier than 0:3.3.15-alt1.git2f79ff3bc6a7ad"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191749002",
"Comment": "libprocps-devel is earlier than 0:3.3.15-alt1.git2f79ff3bc6a7ad"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20191749003",
"Comment": "procps is earlier than 0:3.3.15-alt1.git2f79ff3bc6a7ad"
}
]
}
]
}
}
]
}