CVE-2018-1000156 – patch: Malicious patch files cause ed to execute arbitrary commands
https://notcve.org/view.php?id=CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. La versión 2.7.6 de GNU Patch contiene una vulnerabilidad de validación de entradas al procesar archivos patch; específicamente la invocación EDITOR_PROGRAM (usando ed) puede resultar en la ejecución de código. el ataque parece ser explotable mediante un archivo patch procesado mediante la utilidad patch. Esto es similar al CVE-2015-1418 de FreeBSD: aunque comparten un ancestro común, las bases de código han divergido con el tiempo. • http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html http://rachelbythebay.com/w/2018/04/05/bangpatch https://access.redhat.com/errata/RHSA-2018:1199 https://access.redhat.com/errata/RHSA-2018:1200 https://access.redhat.com/errata/RHSA-2018:2091 https://access.redhat.com/errata/RHSA-2018:2092 https://access.redhat.com/errata/RHSA-2018:2093 https://access.redhat.com/errata/RHSA-2018:2094 https://access.redhat.com/errata/RHSA-2018:2095 ht • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2018-6951
https://notcve.org/view.php?id=CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue. Se ha descubierto un problema hasta la versión 2.7.6 de GNU patch. Hay un fallo de segmentación, asociado con una desreferencia de puntero NULL, que conduce a una denegación de servicio (DoS) en la función intuit_diff_type en pch.c. Esto también se conoce como problema "mangled rename". • http://www.securityfocus.com/bid/103044 https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a https://savannah.gnu.org/bugs/index.php?53132 https://security.gentoo.org/glsa/201904-17 https://usn.ubuntu.com/3624-1 • CWE-476: NULL Pointer Dereference •
CVE-2018-6952 – patch: Double free of memory in pch.c:another_hunk() causes a crash
https://notcve.org/view.php?id=CVE-2018-6952
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. Existe una doble liberación (double free) en la función another_hunk en pch.c en GNU patch hasta la versión 2.7.6. A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches. • http://www.securityfocus.com/bid/103047 https://access.redhat.com/errata/RHSA-2019:2033 https://savannah.gnu.org/bugs/index.php?53133 https://security.gentoo.org/glsa/201904-17 https://access.redhat.com/security/cve/CVE-2018-6952 https://bugzilla.redhat.com/show_bug.cgi?id=1545053 • CWE-415: Double Free CWE-416: Use After Free •
CVE-2016-10713 – patch: Out-of-bounds access in pch_write_line function in pch.c
https://notcve.org/view.php?id=CVE-2016-10713
An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. Se ha descubierto un problema en versiones anteriores a la 2.7.6 de GNU patch. El acceso fuera de límites en pch_write_line() en pch.c puede conducir a DoS mediante un archivo de entradas manipulado. A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. • http://www.securityfocus.com/bid/103063 https://access.redhat.com/errata/RHSA-2019:2033 https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866 https://usn.ubuntu.com/3624-1 https://usn.ubuntu.com/3624-2 https://access.redhat.com/security/cve/CVE-2016-10713 https://bugzilla.redhat.com/show_bug.cgi?id=1545405 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVE-2015-1396
https://notcve.org/view.php?id=CVE-2015-1396
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196. Se presenta una vulnerabilidad de Salto de Directorio en el parche GNU versiones anteriores a 2.7.4. Un atacante remoto puede escribir en archivos arbitrarios por medio de un ataque de tipo symlink en un archivo de parche. • http://www.openwall.com/lists/oss-security/2015/01/27/29 http://www.securityfocus.com/bid/75358 http://www.ubuntu.com/usn/USN-2651-1 https://bugzilla.redhat.com/show_bug.cgi?id=1186764 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •