CVE-2018-1000156

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

References

http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html

http://rachelbythebay.com/w/2018/04/05/bangpatch/

https://access.redhat.com/errata/RHSA-2018:1199

https://access.redhat.com/errata/RHSA-2018:1200

https://access.redhat.com/errata/RHSA-2018:2091

https://access.redhat.com/errata/RHSA-2018:2092

https://access.redhat.com/errata/RHSA-2018:2093

https://access.redhat.com/errata/RHSA-2018:2094

https://access.redhat.com/errata/RHSA-2018:2095

https://access.redhat.com/errata/RHSA-2018:2096

https://access.redhat.com/errata/RHSA-2018:2097

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19

https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html

https://savannah.gnu.org/bugs/index.php?53566

https://seclists.org/bugtraq/2019/Aug/29

https://seclists.org/bugtraq/2019/Jul/54

https://security.gentoo.org/glsa/201904-17

https://twitter.com/kurtseifried/status/982028968877436928

https://usn.ubuntu.com/3624-1/

https://usn.ubuntu.com/3624-2/

Details

Source: MITRE

Published: 2018-04-06

Updated: 2019-07-30

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
127399NewStart CGSL MAIN 4.05 : patch Vulnerability (NS-SA-2019-0138)NessusNewStart CGSL Local Security Checks
high
127194NewStart CGSL CORE 5.04 / MAIN 5.04 : patch Vulnerability (NS-SA-2019-0029)NessusNewStart CGSL Local Security Checks
high
124130GLSA-201904-17 : Patch: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
121948Photon OS 2.0: Patch PHSA-2018-2.0-0049NessusPhotonOS Local Security Checks
high
121843Photon OS 1.0: Patch PHSA-2018-1.0-0142NessusPhotonOS Local Security Checks
high
120885Fedora 28 : patch (2018-ed8d7c62c9)NessusFedora Local Security Checks
high
119069EulerOS Virtualization 2.5.1 : patch (EulerOS-SA-2018-1378)NessusHuawei Local Security Checks
high
118902FreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)NessusFreeBSD Local Security Checks
high
111304Photon OS 2.0 : linux-esx / linux / patch / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0049) (deprecated)NessusPhotonOS Local Security Checks
high
111271Photon OS 1.0 : patch (PhotonOS-PHSA-2018-1.0-0142) (deprecated)NessusPhotonOS Local Security Checks
high
110848EulerOS 2.0 SP3 : patch (EulerOS-SA-2018-1184)NessusHuawei Local Security Checks
high
110759RHEL 6 : patch (RHSA-2018:2097)NessusRed Hat Local Security Checks
high
110758RHEL 6 : patch (RHSA-2018:2096)NessusRed Hat Local Security Checks
high
110757RHEL 6 : patch (RHSA-2018:2095)NessusRed Hat Local Security Checks
high
110756RHEL 6 : patch (RHSA-2018:2094)NessusRed Hat Local Security Checks
high
110755RHEL 7 : patch (RHSA-2018:2093)NessusRed Hat Local Security Checks
high
110754RHEL 7 : patch (RHSA-2018:2092)NessusRed Hat Local Security Checks
high
110753RHEL 7 : patch (RHSA-2018:2091)NessusRed Hat Local Security Checks
high
110241CentOS 7 : patch (CESA-2018:1200)NessusCentOS Local Security Checks
high
110151EulerOS 2.0 SP2 : patch (EulerOS-SA-2018-1147)NessusHuawei Local Security Checks
high
110150EulerOS 2.0 SP1 : patch (EulerOS-SA-2018-1146)NessusHuawei Local Security Checks
high
109822Fedora 26 : patch (2018-88a4219528)NessusFedora Local Security Checks
high
109819Fedora 27 : patch (2018-23a1b5975a)NessusFedora Local Security Checks
high
109696Amazon Linux AMI : patch (ALAS-2018-1008)NessusAmazon Linux Local Security Checks
high
109687Amazon Linux 2 : patch (ALAS-2018-1008)NessusAmazon Linux Local Security Checks
high
109599SUSE SLES11 Security Update : patch (SUSE-SU-2018:1162-1)NessusSuSE Local Security Checks
high
109549SUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)NessusSuSE Local Security Checks
high
109540openSUSE Security Update : patch (openSUSE-2018-416)NessusSuSE Local Security Checks
high
109528CentOS 6 : patch (CESA-2018:1199)NessusCentOS Local Security Checks
high
109462Scientific Linux Security Update : patch on SL7.x x86_64 (20180423)NessusScientific Linux Local Security Checks
high
109334OracleVM 3.3 / 3.4 : patch (OVMSA-2018-0036)NessusOracleVM Local Security Checks
high
109308Scientific Linux Security Update : patch on SL6.x i386/x86_64 (20180423)NessusScientific Linux Local Security Checks
high
109301RHEL 7 : patch (RHSA-2018:1200)NessusRed Hat Local Security Checks
high
109300RHEL 6 : patch (RHSA-2018:1199)NessusRed Hat Local Security Checks
high
109298Oracle Linux 7 : patch (ELSA-2018-1200)NessusOracle Linux Local Security Checks
high
109297Oracle Linux 6 : patch (ELSA-2018-1199)NessusOracle Linux Local Security Checks
high
109063Debian DLA-1348-1 : patch security updateNessusDebian Local Security Checks
high
109002Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : Patch vulnerabilities (USN-3624-1)NessusUbuntu Local Security Checks
high
108890Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : patch (SSA:2018-096-01)NessusSlackware Local Security Checks
high