exploit the possibilities
Showing 1 - 14 of 14 RSS Feed

CVE-2018-1000156

Status Candidate

Overview

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Related Files

GNU patch Command Injection / Directory Traversal
Posted Aug 16, 2019
Authored by Imre Rad

GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.

tags | exploit, vulnerability
advisories | CVE-2018-1000156, CVE-2018-20969, CVE-2019-13636, CVE-2019-13638
SHA-256 | 46e27d51accb7a7405dd3c34e724a12c052ab52ecfe5b3acffb883ba165d5e6b
Gentoo Linux Security Advisory 201904-17
Posted Apr 17, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-17 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the execution of arbitrary code. Versions less than 2.7.6-r3 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2018-1000156, CVE-2018-6951, CVE-2018-6952
SHA-256 | f611d1465ff71c629377f0a946b29349fec276e2a4cc800e95134e1952531f7a
Red Hat Security Advisory 2018-2091-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2091-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | d3c6064bf376eb062053d367649d2dc466e0850c1c147bd03bd838dce6276d18
Red Hat Security Advisory 2018-2092-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2092-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | e213496ac56bcd5ba0d2fd1418e46c3a7a7245fe2345abe3a293f22e514c3ef4
Red Hat Security Advisory 2018-2097-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2097-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 0ae866e2897aa7b187a103791f954dd69b4527ae2f31af6012a773e54bbe6651
Red Hat Security Advisory 2018-2095-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2095-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | f61bca2971306a29e1886236f08d98e28ad1c1323a9ec47e6ecfc713160c6192
Red Hat Security Advisory 2018-2093-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2093-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 6708741ea6f481497d205a604f52726ae68dd5a02fff94ed8c5f8c00aad7ef99
Red Hat Security Advisory 2018-2094-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2094-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 20c934097268a62c04aafdfa9563f7cf32dd7093266666d756f7604cec4db007
Red Hat Security Advisory 2018-2096-01
Posted Jun 27, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-2096-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 4b5a20538bbbfb49cd9e3b9cb919572c1fa82a02c10cac192b1867413bf41633
Red Hat Security Advisory 2018-1200-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1200-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 008a77af21110101f7579caf2f6d8f354605f116ebadf9c11d7e03e0418ba3e6
Red Hat Security Advisory 2018-1199-01
Posted Apr 24, 2018
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2018-1199-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Patch should be installed because it is a common way of upgrading applications. Issues addressed include a patching vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2018-1000156
SHA-256 | 2cb0d2c98c1a589371bbeb47447a723d1fd314d3d983af03c1018600b44c441f
Ubuntu Security Notice USN-3624-2
Posted Apr 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3624-2 - USN-3624-1 fixed a vulnerability in Patch. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2016-10713, CVE-2018-1000156
SHA-256 | 4eb09490350a27c78c5232f94be0eabd7eade58f0a9efd7083e1670a0ca1f4f6
Ubuntu Security Notice USN-3624-1
Posted Apr 11, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3624-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-10713, CVE-2018-1000156, CVE-2018-6951
SHA-256 | 23b2238de3fedf6260e2c497292dab06b0b883adf12ef84c4fed3da08b2b10f5
Slackware Security Advisory - patch Updates
Posted Apr 6, 2018
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2018-1000156
SHA-256 | 9eb9cfbbe11a6420a160a6c790e91163ae73f2e165e76b1dfd042906008e3180
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    5 Files
  • 26
    May 26th
    12 Files
  • 27
    May 27th
    12 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close