CVE-2018-1124 - log back

CVE-2018-1124 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Local
Type
+ Privilege escalation
Description
+ A security issue has been found in procps-ng <= 3.3.14. An attacker can exploit an integer overflow in libprocps's file2strvec() function and carry out an LPE when another user, administrator, or script executes a vulnerable utility (pgrep, pidof, pkill, and w are vulnerable by default; other utilities are vulnerable if executed with non-default options). Moreover, an attacker's process running inside a container can trigger this vulnerability in a utility running outside the container: the attacker can exploit this userland vulnerability and break out of the container or chroot.
References
+ https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Notes
+ Related patch in Qualys' tarball: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch