CVE-2018-1000156

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Link	Resource
https://twitter.com/kurtseifried/status/982028968877436928	Third Party Advisory
https://savannah.gnu.org/bugs/index.php?53566	Vendor Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19	Issue Tracking Third Party Advisory
http://rachelbythebay.com/w/2018/04/05/bangpatch/	Third Party Advisory
https://usn.ubuntu.com/3624-1/	Third Party Advisory
https://usn.ubuntu.com/3624-2/	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1200	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1199	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2097	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2096	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2095	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2094	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2093	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2092	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2091	Third Party Advisory
https://security.gentoo.org/glsa/201904-17	Third Party Advisory
https://seclists.org/bugtraq/2019/Jul/54
https://seclists.org/bugtraq/2019/Aug/29
http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html

Configuration 1

cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*

---

Published : 2018-04-06 01:29

Updated : 2019-07-30 10:15

---

NVD link : CVE-2018-1000156

Mitre link : CVE-2018-1000156

No products.

CWE-20