Process Hiding Vulnerability in Procps-ng by Qualys
CVE-2018-1121

3.9LOW

Key Information:

Vendor

[unknown]

Status
Procps-ng, Procps
Vendor
CVE Published:
13 June 2018

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2018-1121?

The procps-ng component, used for managing processes on Unix-like operating systems, contains a vulnerability that can be exploited to hide processes from being enumerated. By leveraging a race condition in the retrieval of process ID entries, an attacker can initiate a process with a low PID after detecting when the system is scanning the process list, effectively masking their presence from system utilities. This presents a significant security risk as it allows unprivileged users to manipulate process visibility without detection, potentially hiding malicious activities.

Affected Version(s)

procps-ng, procps up to procps-ng 3.3.15 and newer

References

https://www.exploit-db.com/exploits/44806/
exploitx_refsource_EXPLOIT-DB
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104214
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

CVSS V3.0

Score:
3.9
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.