CVE-2018-1123 log
Source |
|
Severity | Low |
Remote | No |
Type | Denial of service |
Description | A security issue has been found in procps-ng <= 3.3.14 where an attacker can overflow the output buffer of ps, when executed by another user, administrator, or script: a denial of service only (not an LPE), because ps mmap()s its output buffer and mprotect()s its last page with PROT_NONE (an effective guard page). |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-705 | procps-ng | 3.3.14-1 | 3.3.15-1 | Medium | Fixed |
References |
---|
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt |
Notes |
---|
Related patch in Qualys' tarball: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch |