what you don't know can hurt you
Showing 1 - 10 of 10 RSS Feed

CVE-2019-13638

Status Candidate

Overview

GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.

Related Files

Red Hat Security Advisory 2019-4061-01
Posted Dec 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4061-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 84a75a1eb58eb29319be41548bcf4f86d34b05e2b064f0fdb4dcac173b65c17b
Red Hat Security Advisory 2019-3758-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3758-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 6bc2a5f7e7d47cab38157a0d41ad815d8be6b27a4760ce1d6c6cf011a3e56b90
Red Hat Security Advisory 2019-3757-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3757-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | 1300b7b227229f6bf7638f4bef11b7398c4c690f0979f4e4edeb8d1e84f213ef
Red Hat Security Advisory 2019-2964-01
Posted Oct 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2964-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | d1730816f7f3aa4653489969111b2af8ae2d5d5628680b74ddb4032bf1866fdb
Red Hat Security Advisory 2019-2798-01
Posted Sep 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2798-01 - The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2018-20969, CVE-2019-13638
SHA-256 | a92d6703bca508a9cc426af1331d9408fd4246d007e2ae2b76f88ddfabafbd5c
Gentoo Linux Security Advisory 201908-22
Posted Aug 19, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-22 - Multiple vulnerabilities have been found in Patch, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.6-r4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 6f447b44bb4214475ce239876d771d1fa9336181e808c8f24d80e42adab348e3
GNU patch Command Injection / Directory Traversal
Posted Aug 16, 2019
Authored by Imre Rad

GNU patch suffers from command injection and various other vulnerabilities when handling specially crafted patch files.

tags | exploit, vulnerability
advisories | CVE-2018-1000156, CVE-2018-20969, CVE-2019-13636, CVE-2019-13638
SHA-256 | 46e27d51accb7a7405dd3c34e724a12c052ab52ecfe5b3acffb883ba165d5e6b
Debian Security Advisory 4489-1
Posted Jul 28, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4489-1 - Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed.

tags | advisory, shell, vulnerability
systems | linux, debian
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 629bdd444567253abe16946a2abbf219c2b6e287a64661215bc9b20cf3983ebc
Ubuntu Security Notice USN-4071-2
Posted Jul 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-2 - USN-4071-1 fixed several vulnerabilities in Patch. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | 0b7c4a198db51cde30cce47cc6a0ae95e2c18bd207868b3dc0dab1fbed99adb0
Ubuntu Security Notice USN-4071-1
Posted Jul 24, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4071-1 - It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. It was discovered that Patch incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2019-13636, CVE-2019-13638
SHA-256 | bb6be6ae6ab1c6d02ca25c70421ee7d9fb0267f22a1d62dae05ce539135a8dc1
Page 1 of 1
Back1Next

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close