Vulnerabilities > CVE-2018-1000156 - Improper Input Validation vulnerability in multiple products

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Server Side Include (SSI) Injection
    An attacker can use Server Side Include (SSI) Injection to send code to a web application that then gets executed by the web server. Doing so enables the attacker to achieve similar results to Cross Site Scripting, viz., arbitrary code execution and information disclosure, albeit on a more limited scale, since the SSI directives are nowhere near as powerful as a full-fledged scripting language. Nonetheless, the attacker can conveniently gain access to sensitive files, such as password files, and execute shell commands.
  • Cross Zone Scripting
    An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security. In a zone-based model, pages belong to one of a set of zones corresponding to the level of privilege assigned to that page. Pages in an untrusted zone would have a lesser level of access to the system and/or be restricted in the types of executable content it was allowed to invoke. In a cross-zone scripting attack, a page that should be assigned to a less privileged zone is granted the privileges of a more trusted zone. This can be accomplished by exploiting bugs in the browser, exploiting incorrect configuration in the zone controls, through a cross-site scripting attack that causes the attackers' content to be treated as coming from a more trusted page, or by leveraging some piece of system functionality that is accessible from both the trusted and less trusted zone. This attack differs from "Restful Privilege Escalation" in that the latter correlates to the inadequate securing of RESTful access methods (such as HTTP DELETE) on the server, while cross-zone scripting attacks the concept of security zones as implemented by a browser.
  • Cross Site Scripting through Log Files
    An attacker may leverage a system weakness where logs are susceptible to log injection to insert scripts into the system's logs. If these logs are later viewed by an administrator through a thin administrative interface and the log data is not properly HTML encoded before being written to the page, the attackers' scripts stored in the log will be executed in the administrative interface with potentially serious consequences. This attack pattern is really a combination of two other attack patterns: log injection and stored cross site scripting.
  • Command Line Execution through SQL Injection
    An attacker uses standard SQL injection methods to inject data into the command line for execution. This could be done directly through misuse of directives such as MSSQL_xp_cmdshell or indirectly through injection of data into the database that would be interpreted as shell commands. Sometime later, an unscrupulous backend application (or could be part of the functionality of the same application) fetches the injected data stored in the database and uses this data as command line arguments without performing proper validation. The malicious data escapes that data plane by spawning new commands to be executed on the host.

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2095.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110757
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110757
    titleRHEL 6 : patch (RHSA-2018:2095)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0253_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has patch packages installed that are affected by multiple vulnerabilities: - An issue was discovered in GNU patch before 2.7.6. Out- of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. (CVE-2016-10713) - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6. (CVE-2018-6952) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. (CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. (CVE-2018-20969) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id132496
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132496
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : patch Multiple Vulnerabilities (NS-SA-2019-0253)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1146.NASL
    descriptionAccording to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-05-06
    modified2018-05-29
    plugin id110150
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110150
    titleEulerOS 2.0 SP1 : patch (EulerOS-SA-2018-1146)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1317.NASL
    descriptiondo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156 .(CVE-2019-13638) A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713) A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)
    last seen2020-06-01
    modified2020-06-02
    plugin id130214
    published2019-10-25
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130214
    titleAmazon Linux 2 : patch (ALAS-2019-1317)
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2018-1008.NASL
    descriptionMalicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-06-01
    modified2020-06-02
    plugin id109687
    published2018-05-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109687
    titleAmazon Linux 2 : patch (ALAS-2018-1008)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0049_LINUX.NASL
    descriptionAn update of the linux package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121947
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121947
    titlePhoton OS 2.0: Linux PHSA-2018-2.0-0049
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_791841A3D4844878890992EF9CE424F4.NASL
    descriptionNVD reports : An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id118902
    published2018-11-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118902
    titleFreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-ED8D7C62C9.NASL
    descriptionSecurity fix for CVE-2018-1000156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120885
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120885
    titleFedora 28 : patch (2018-ed8d7c62c9)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2018-1008.NASL
    descriptionMalicious patch files cause ed to execute arbitrary commands GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-06-01
    modified2020-06-02
    plugin id109696
    published2018-05-11
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109696
    titleAmazon Linux AMI : patch (ALAS-2018-1008)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1200.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109301
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109301
    titleRHEL 7 : patch (RHSA-2018:1200)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-416.NASL
    descriptionThis update for patch fixes the following issues : Security issues fixed : - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-05-03
    plugin id109540
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109540
    titleopenSUSE Security Update : patch (openSUSE-2018-416)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2018-096-01.NASL
    descriptionNew patch packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id108890
    published2018-04-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/108890
    titleSlackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : patch (SSA:2018-096-01)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1199.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109300
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109300
    titleRHEL 6 : patch (RHSA-2018:1199)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1199.NASL
    descriptionFrom Red Hat Security Advisory 2018:1199 : An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109297
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109297
    titleOracle Linux 6 : patch (ELSA-2018-1199)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0029_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by a vulnerability: - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-06-01
    modified2020-06-02
    plugin id127194
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127194
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : patch Vulnerability (NS-SA-2019-0029)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1162-1.NASL
    descriptionThis update for patch fixes several issues. These security issues were fixed : - CVE-2018-1000156: patch: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2014-9637: Prevent DoS by remote attackers (memory consumption and segmentation fault) via a crafted diff file (bsc#914891). - CVE-2016-10713: Prevent out-of-bounds access within pch_write_line() that could have lead to DoS via a crafted input file (bsc#1080918). - CVE-2010-4651: Fixed a directory traversal bug (bsc#662957) : Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109599
    published2018-05-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109599
    titleSUSE SLES11 Security Update : patch (SUSE-SU-2018:1162-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0142.NASL
    descriptionAn update of {'patch'} packages of Photon OS has been released.
    last seen2019-02-08
    modified2019-02-07
    plugin id111271
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111271
    titlePhoton OS 1.0 : patch (PhotonOS-PHSA-2018-1.0-0142) (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1022.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2020-01-02
    plugin id132615
    published2020-01-02
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132615
    titleEulerOS 2.0 SP8 : patch (EulerOS-SA-2020-1022)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0049.NASL
    descriptionAn update of {'linux-esx', 'linux', 'patch', 'linux-aws', 'linux- secure'} packages of Photon OS has been released. This kernel update mitigates vulnerability CVE-2018-3639 which is referred to as Speculative Store Bypass issue
    last seen2019-02-21
    modified2019-02-07
    plugin id111304
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111304
    titlePhoton OS 2.0 : linux-esx / linux / patch / linux-aws / linux-secure (PhotonOS-PHSA-2018-2.0-0049) (deprecated)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1147.NASL
    descriptionAccording to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-05-06
    modified2018-05-29
    plugin id110151
    published2018-05-29
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110151
    titleEulerOS 2.0 SP2 : patch (EulerOS-SA-2018-1147)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2092.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110754
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110754
    titleRHEL 7 : patch (RHSA-2018:2092)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1312.NASL
    descriptiondo_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 , but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156 . (CVE-2019-13638) A heap-based out-of-bounds read flaw was found in the way the patch utility parsed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patch files.(CVE-2016-10713) A double-free flaw was found in the way the patch utility processed patch files. An attacker could potentially use this flaw to crash the patch utility by tricking it into processing crafted patches.(CVE-2018-6952)
    last seen2020-06-01
    modified2020-06-02
    plugin id130282
    published2019-10-28
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130282
    titleAmazon Linux AMI : patch (ALAS-2019-1312)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2096.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110758
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110758
    titleRHEL 6 : patch (RHSA-2018:2096)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2091.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110753
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110753
    titleRHEL 7 : patch (RHSA-2018:2091)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0138_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version MAIN 4.05, has patch packages installed that are affected by a vulnerability: - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-06-01
    modified2020-06-02
    plugin id127399
    published2019-08-12
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127399
    titleNewStart CGSL MAIN 4.05 : patch Vulnerability (NS-SA-2019-0138)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0223_PATCH.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has patch packages installed that are affected by multiple vulnerabilities: - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156. (CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter. (CVE-2018-20969) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id131420
    published2019-12-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131420
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : patch Multiple Vulnerabilities (NS-SA-2019-0223)
  • NASL familyOracleVM Local Security Checks
    NASL idORACLEVM_OVMSA-2018-0036.NASL
    descriptionThe remote OracleVM system is missing necessary patches to address critical security updates : - Fixed year overflow detected in rpmdiff - Fixed CVE-2018-1000156 - Malicious patch files cause ed to execute arbitrary commands
    last seen2020-06-01
    modified2020-06-02
    plugin id109334
    published2018-04-25
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109334
    titleOracleVM 3.3 / 3.4 : patch (OVMSA-2018-0036)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0142_PATCH.NASL
    descriptionAn update of the patch package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121843
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121843
    titlePhoton OS 1.0: Patch PHSA-2018-1.0-0142
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0049_PATCH.NASL
    descriptionAn update of the patch package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id121948
    published2019-02-07
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121948
    titlePhoton OS 2.0: Patch PHSA-2018-2.0-0049
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2093.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110755
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110755
    titleRHEL 7 : patch (RHSA-2018:2093)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1065.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id132819
    published2020-01-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132819
    titleEulerOS Virtualization for ARM 64 3.0.5.0 : patch (EulerOS-SA-2020-1065)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-4489.NASL
    descriptionImre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch (#933140).
    last seen2020-06-01
    modified2020-06-02
    plugin id127102
    published2019-07-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127102
    titleDebian DSA-4489-1 : patch - security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2219.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130681
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130681
    titleEulerOS 2.0 SP5 : patch (EulerOS-SA-2019-2219)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1348.NASL
    descriptionIt was discovered that there was an input validation vulnerability in the patch(1) utility where an ed(1) script embedded in a regular input file could result in arbitrary code execution. This was reported by Rachel Kroll [0] et al. For Debian 7
    last seen2020-03-17
    modified2018-04-17
    plugin id109063
    published2018-04-17
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109063
    titleDebian DLA-1348-1 : patch security update
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180423_PATCH_ON_SL6_X.NASL
    descriptionPatch should be installed because it is a common way of upgrading applications. Security Fix(es) : - patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)
    last seen2020-03-18
    modified2018-04-24
    plugin id109308
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109308
    titleScientific Linux Security Update : patch on SL6.x i386/x86_64 (20180423)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1199.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109528
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109528
    titleCentOS 6 : patch (CESA-2018:1199)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2018-1200.NASL
    descriptionFrom Red Hat Security Advisory 2018:1200 : An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109298
    published2018-04-24
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109298
    titleOracle Linux 7 : patch (ELSA-2018-1200)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1225.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.(CVE-2016-10713) - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.(CVE-2014-9637) - GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.(CVE-2015-1196) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134514
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134514
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : patch (EulerOS-SA-2020-1225)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3624-1.NASL
    descriptionIt was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109002
    published2018-04-11
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109002
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : patch vulnerabilities (USN-3624-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1128-1.NASL
    descriptionThis update for patch fixes the following issues: Security issues fixed : - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109549
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109549
    titleSUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1378.NASL
    descriptionAccording to the version of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-06-01
    modified2020-06-02
    plugin id119069
    published2018-11-21
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/119069
    titleEulerOS Virtualization 2.5.1 : patch (EulerOS-SA-2018-1378)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2018-1184.NASL
    descriptionAccording to the version of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD
    last seen2020-05-06
    modified2018-07-03
    plugin id110848
    published2018-07-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110848
    titleEulerOS 2.0 SP3 : patch (EulerOS-SA-2018-1184)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2645.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.(CVE-2016-10713) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) - GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.(CVE-2015-1196) - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.(CVE-2014-9637) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132180
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132180
    titleEulerOS 2.0 SP3 : patch (EulerOS-SA-2019-2645)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2094.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110756
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110756
    titleRHEL 6 : patch (RHSA-2018:2094)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2018-1200.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Patch should be installed because it is a common way of upgrading applications. Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110241
    published2018-05-31
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110241
    titleCentOS 7 : patch (CESA-2018:1200)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-88A4219528.NASL
    descriptionSecurity fix for CVE-2018-1000156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-16
    plugin id109822
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109822
    titleFedora 26 : patch (2018-88a4219528)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-23A1B5975A.NASL
    descriptionSecurity fix for CVE-2018-1000156 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-05-16
    plugin id109819
    published2018-05-16
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109819
    titleFedora 27 : patch (2018-23a1b5975a)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1446.NASL
    descriptionAccording to the versions of the patch package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.(CVE-2018-6952) - Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.(CVE-2015-1395) - An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.(CVE-2016-10713) - GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.(CVE-2014-9637) - This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.(CVE-2015-1196) - GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.(CVE-2019-13638) - do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.(CVE-2018-20969) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135608
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135608
    titleEulerOS Virtualization 3.0.2.2 : patch (EulerOS-SA-2020-1446)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20180423_PATCH_ON_SL7_X.NASL
    descriptionPatch should be installed because it is a common way of upgrading applications. Security Fix(es) : - patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156)
    last seen2020-03-18
    modified2018-05-01
    plugin id109462
    published2018-05-01
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109462
    titleScientific Linux Security Update : patch on SL7.x x86_64 (20180423)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-17 (Patch: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id124130
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124130
    titleGLSA-201904-17 : Patch: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-2097.NASL
    descriptionAn update for patch is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file (patching the file). Security Fix(es) : * patch: Malicious patch files cause ed to execute arbitrary commands (CVE-2018-1000156) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id110759
    published2018-06-28
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110759
    titleRHEL 6 : patch (RHSA-2018:2097)

Redhat

advisories
  • bugzilla
    id1564326
    titleCVE-2018-1000156 patch: Malicious patch files cause ed to execute arbitrary commands
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 6 is installed
        ovaloval:com.redhat.rhba:tst:20111656003
      • commentpatch is earlier than 0:2.6-8.el6_9
        ovaloval:com.redhat.rhsa:tst:20181199001
      • commentpatch is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20181199002
    rhsa
    idRHSA-2018:1199
    released2018-04-23
    severityImportant
    titleRHSA-2018:1199: patch security update (Important)
  • bugzilla
    id1564326
    titleCVE-2018-1000156 patch: Malicious patch files cause ed to execute arbitrary commands
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • commentpatch is earlier than 0:2.7.1-10.el7_5
        ovaloval:com.redhat.rhsa:tst:20181200001
      • commentpatch is signed with Red Hat redhatrelease2 key
        ovaloval:com.redhat.rhsa:tst:20181199002
    rhsa
    idRHSA-2018:1200
    released2018-04-23
    severityImportant
    titleRHSA-2018:1200: patch security update (Important)
  • rhsa
    idRHSA-2018:2091
  • rhsa
    idRHSA-2018:2092
  • rhsa
    idRHSA-2018:2093
  • rhsa
    idRHSA-2018:2094
  • rhsa
    idRHSA-2018:2095
  • rhsa
    idRHSA-2018:2096
  • rhsa
    idRHSA-2018:2097
rpms
  • patch-0:2.6-8.el6_9
  • patch-debuginfo-0:2.6-8.el6_9
  • patch-0:2.7.1-10.el7_5
  • patch-debuginfo-0:2.7.1-10.el7_5
  • patch-0:2.7.1-10.el7_4
  • patch-debuginfo-0:2.7.1-10.el7_4
  • patch-0:2.7.1-10.el7_3
  • patch-debuginfo-0:2.7.1-10.el7_3
  • patch-0:2.7.1-10.el7_2
  • patch-debuginfo-0:2.7.1-10.el7_2
  • patch-0:2.6-8.el6_7
  • patch-debuginfo-0:2.6-8.el6_7
  • patch-0:2.6-8.el6_6
  • patch-debuginfo-0:2.6-8.el6_6
  • patch-0:2.6-8.el6_5
  • patch-debuginfo-0:2.6-8.el6_5
  • patch-0:2.6-8.el6_4
  • patch-debuginfo-0:2.6-8.el6_4