CVE-2018-1122

Source
Severity Low
Remote No
Type Privilege escalation
Description
The top utility from procps-ng <= 3.3.14 reads its configuration file from the current working directory, without any security check, if the HOME environment variable is unset or empty. In this very unlikely scenario, an attacker can carry out an LPE (Local Privilege Escalation) if an administrator executes top in /tmp (for example), by exploiting one of several vulnerabilities in top's config_file() function.
Group Package Affected Fixed Severity Status Ticket
AVG-705 procps-ng 3.3.14-1 Medium Vulnerable
References
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Notes
Related patch in Qualys' tarball: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch