Vulnerabilities > CVE-2018-6951 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
gnu
canonical
CWE-476
nessus

Summary

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0037.NASL
    descriptionAn update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111297
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111297
    titlePhoton OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111297);
      script_version("1.3");
      script_cvs_date("Date: 2019/04/05 23:25:07");
    
      script_cve_id(
        "CVE-2017-12627",
        "CVE-2017-18207",
        "CVE-2018-1303",
        "CVE-2018-2573",
        "CVE-2018-2583",
        "CVE-2018-2612",
        "CVE-2018-2622",
        "CVE-2018-2640",
        "CVE-2018-2665",
        "CVE-2018-2668",
        "CVE-2018-2703",
        "CVE-2018-6594",
        "CVE-2018-6951",
        "CVE-2018-7208",
        "CVE-2018-7549",
        "CVE-2018-7643",
        "CVE-2018-7738",
        "CVE-2018-7750",
        "CVE-2018-8740",
        "CVE-2018-1000030",
        "CVE-2018-1000116",
        "CVE-2018-1000117",
        "CVE-2018-1000132"
      );
      script_bugtraq_id(
        102678,
        102681,
        102682,
        102704,
        102706,
        102708,
        102709,
        102710,
        103044,
        103077,
        103219,
        103264,
        103367,
        103466,
        103522,
        103713,
        104527
      );
    
      script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch',
    'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux',
    'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been
    released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-2-37
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30");
      script_set_attribute(attribute:"solution", value:"n/a.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    pkgs = [
      "binutils-2.30-4.ph2",
      "binutils-debuginfo-2.30-4.ph2",
      "binutils-devel-2.30-4.ph2",
      "mercurial-4.5.3-1.ph2",
      "mercurial-debuginfo-4.5.3-1.ph2",
      "mysql-5.7.21-1.ph2",
      "mysql-debuginfo-5.7.21-1.ph2",
      "mysql-devel-5.7.21-1.ph2",
      "net-snmp-5.7.3-8.ph2",
      "net-snmp-debuginfo-5.7.3-8.ph2",
      "net-snmp-devel-5.7.3-8.ph2",
      "paramiko-2.1.5-1.ph2",
      "patch-2.7.5-5.ph2",
      "patch-debuginfo-2.7.5-5.ph2",
      "pmd-python2-0.0.5-5.ph2",
      "pmd-python3-0.0.5-5.ph2",
      "pycrypto-2.6.1-4.ph2",
      "pycrypto-debuginfo-2.6.1-4.ph2",
      "python2-2.7.13-12.ph2",
      "python2-debuginfo-2.7.13-12.ph2",
      "python2-devel-2.7.13-12.ph2",
      "python2-libs-2.7.13-12.ph2",
      "python2-test-2.7.13-12.ph2",
      "python2-tools-2.7.13-12.ph2",
      "python3-3.6.5-1.ph2",
      "python3-curses-3.6.5-1.ph2",
      "python3-debuginfo-3.6.5-1.ph2",
      "python3-devel-3.6.5-1.ph2",
      "python3-libs-3.6.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-paramiko-2.1.5-1.ph2",
      "python3-pip-3.6.5-1.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-pycrypto-2.6.1-4.ph2",
      "python3-setuptools-3.6.5-1.ph2",
      "python3-test-3.6.5-1.ph2",
      "python3-tools-3.6.5-1.ph2",
      "python3-xml-3.6.5-1.ph2",
      "sqlite-3.22.0-2.ph2",
      "sqlite-debuginfo-3.22.0-2.ph2",
      "sqlite-devel-3.22.0-2.ph2",
      "sqlite-libs-3.22.0-2.ph2",
      "util-linux-2.32-1.ph2",
      "util-linux-debuginfo-2.32-1.ph2",
      "util-linux-devel-2.32-1.ph2",
      "util-linux-lang-2.32-1.ph2",
      "util-linux-libs-2.32-1.ph2",
      "xerces-c-3.2.1-1.ph2",
      "xerces-c-debuginfo-3.2.1-1.ph2",
      "xerces-c-devel-3.2.1-1.ph2",
      "zsh-5.3.1-6.ph2",
      "zsh-debuginfo-5.3.1-6.ph2",
      "zsh-html-5.3.1-6.ph2"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-D547A126E7.NASL
    descriptionSecurity fix for CVE-2018-6951 and CVE-2018-6952 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-10-22
    plugin id118245
    published2018-10-22
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118245
    titleFedora 27 : patch (2018-d547a126e7)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_791841A3D4844878890992EF9CE424F4.NASL
    descriptionNVD reports : An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a
    last seen2020-06-01
    modified2020-06-02
    plugin id118902
    published2018-11-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118902
    titleFreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-416.NASL
    descriptionThis update for patch fixes the following issues : Security issues fixed : - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). This update was imported from the SUSE:SLE-12:Update update project.
    last seen2020-06-05
    modified2018-05-03
    plugin id109540
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109540
    titleopenSUSE Security Update : patch (openSUSE-2018-416)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126.NASL
    descriptionAn update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111930
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111930
    titlePhoton OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-B127E58641.NASL
    descriptionNew upstream release, including security fixes for CVE-2016-10713, CVE-2018-6951, CVE-2018-6952. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-02-21
    plugin id106915
    published2018-02-21
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106915
    titleFedora 27 : patch (2018-b127e58641)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3624-1.NASL
    descriptionIt was discovered that Patch incorrectly handled certain files. An attacker could possibly use this to cause a denial of service. (CVE-2016-10713) It was discovered that Patch incorrectly handled certain input validation. An attacker could possibly use this to execute arbitrary code. (CVE-2018-1000156) It was discovered that Patch incorrectly handled certain inputs. An attacker could possibly use this to cause a denial of service. (CVE-2018-6951). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109002
    published2018-04-11
    reporterUbuntu Security Notice (C) 2018-2019 Canonical, Inc. / NASL script (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109002
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 : patch vulnerabilities (USN-3624-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-1128-1.NASL
    descriptionThis update for patch fixes the following issues: Security issues fixed : - CVE-2018-1000156: Malicious patch files cause ed to execute arbitrary commands (bsc#1088420). - CVE-2018-6951: Fixed NULL pointer dereference in the intuit_diff_type function in pch.c (bsc#1080918). - CVE-2016-10713: Fixed out-of-bounds access within pch_write_line() in pch.c (bsc#1080918). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id109549
    published2018-05-03
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109549
    titleSUSE SLED12 / SLES12 Security Update : patch (SUSE-SU-2018:1128-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126_PATCH.NASL
    descriptionAn update of the patch package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121826
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121826
    titlePhoton OS 1.0: Patch PHSA-2018-1.0-0126
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-C255F16BFE.NASL
    descriptionSecurity fix for CVE-2018-6951 and CVE-2018-6952 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120761
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120761
    titleFedora 28 : patch (2018-c255f16bfe)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201904-17.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201904-17 (Patch: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Patch. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id124130
    published2019-04-18
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/124130
    titleGLSA-201904-17 : Patch: Multiple vulnerabilities
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2343.NASL
    descriptionAccording to the version of the patch package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A NULL pointer dereference flaw was found in the way patch processed patch files. An attacker could potentially use this flaw to crash patch by tricking it into processing crafted patches.(CVE-2018-6951) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131508
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131508
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : patch (EulerOS-SA-2019-2343)