CVE-2018-1122

HIGH

procps-ng <3.3.15 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-1122. PoCs published by Qualys Corporation.

AI-analyzed exploit summary This is a Qualys Security Advisory detailing multiple vulnerabilities in procps-ng, including CVE-2018-1124, which involves an integer overflow in libprocps's file2strvec() function leading to local privilege escalation. The advisory includes descriptions of vulnerabilities, proof-of-concept code snippets, and technical details.

Description

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

Exploits (1)

exploitdb WRITEUP

by Qualys Corporation · textlocallinux

https://www.exploit-db.com/exploits/44806

View Code ZIP pw:eip

This is a Qualys Security Advisory detailing multiple vulnerabilities in procps-ng, including CVE-2018-1124, which involves an integer overflow in libprocps's file2strvec() function leading to local privilege escalation. The advisory includes descriptions of vulnerabilities, proof-of-concept code snippets, and technical details.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: procps-ng (libprocps)

No auth needed

Prerequisites: Access to a vulnerable system with procps-ng utilities · Ability to execute arbitrary code on the target system

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3658-1/

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2018/dsa-4208

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/201805-14

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44806/

Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/3658-3/

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/104214

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://seclists.org/oss-sec/2018/q2/122

Issue Tracking, Third Party Advisory x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1122

Exploit, Third Party Advisory x_refsource_misc

https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2019:2189

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00058.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00059.html

Vendor Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2020:0595

Scores

CVSS v3 7.3

EPSS 0.0130

EPSS Percentile 66.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-829

Status published

Products (9)

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 14.04

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 17.10

canonical/ubuntu_linux 18.04

debian/debian_linux 7.0

debian/debian_linux 8.0

debian/debian_linux 9.0

procps-ng_project/procps-ng < 3.3.15

Published May 23, 2018

Tracked Since Feb 18, 2026