exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2019-13638

Status Candidate

Overview

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

Related Files

Red Hat Security Advisory 2019-4061-01
Posted Dec 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4061-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 84a75a1eb58eb29319be41548bcf4f86d34b05e2b064f0fdb4dcac173b65c17b
Red Hat Security Advisory 2019-3758-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3758-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 6bc2a5f7e7d47cab38157a0d41ad815d8be6b27a4760ce1d6c6cf011a3e56b90
Red Hat Security Advisory 2019-3757-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3757-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 1300b7b227229f6bf7638f4bef11b7398c4c690f0979f4e4edeb8d1e84f213ef
Red Hat Security Advisory 2019-2964-01
Posted Oct 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2964-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | d1730816f7f3aa4653489969111b2af8ae2d5d5628680b74ddb4032bf1866fdb
Red Hat Security Advisory 2019-2798-01
Posted Sep 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2798-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | a92d6703bca508a9cc426af1331d9408fd4246d007e2ae2b76f88ddfabafbd5c
Gentoo Linux Security Advisory 201908-22
Posted Aug 19, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-22 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.6-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 6f447b44bb4214475ce239876d771d1fa9336181e808c8f24d80e42adab348e3
GNU patch Command Injection / Directory Traversal
Posted Aug 16, 2019
Authored by Imre Rad

GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.

tags | exploit, vulnerability
advisories | CVE-2018-1000156, CVE-2018-20969, CVE-2019-13636, CVE-2019-13638
SHA-256 | 46e27d51accb7a7405dd3c34e724a12c052ab52ecfe5b3acffb883ba165d5e6b
Debian Security Advisory 4489-1
Posted Jul 28, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4489-1 - Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.

tags | advisory, shell, vulnerability
systems | linux, debian
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 629bdd444567253abe16946a2abbf219c2b6e287a64661215bc9b20cf3983ebc
Ubuntu Security Notice USN-4071-2
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 0b7c4a198db51cde30cce47cc6a0ae95e2c18bd207868b3dc0dab1fbed99adb0
Ubuntu Security Notice USN-4071-1
Posted Jul 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | bb6be6ae6ab1c6d02ca25c70421ee7d9fb0267f22a1d62dae05ce539135a8dc1
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close