Vulnerability Details : CVE-2018-1000156
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed by the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
Vulnerability category: Input validation
Products affected by CVE-2018-1000156
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:patch:2.7.6:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-1000156
- EPSS score: 1.37% (probability of exploitation activity in the next 30 days)
- Percentile: ~86% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2018-1000156
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2018-1000156
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-1000156
- https://access.redhat.com/errata/RHSA-2018:2095
  RHSA-2018:2095 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://seclists.org/bugtraq/2019/Jul/54
  Bugtraq: [SECURITY] [DSA 4489-1] patch security update
- http://rachelbythebay.com/w/2018/04/05/bangpatch/
  patch runs ed, and ed can run anything [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2093
  RHSA-2018:2093 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1199
  RHSA-2018:1199 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2018/04/msg00013.html
  [SECURITY] [DLA 1348-1] patch security update [Mailing List; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2094
  RHSA-2018:2094 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:1200
  RHSA-2018:1200 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19
  #894667 - beep: CVE-2018-0492 - Debian Bug report logs [Issue Tracking; Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2092
  RHSA-2018:2092 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2097
  RHSA-2018:2097 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://seclists.org/bugtraq/2019/Aug/29
  Bugtraq: Details about recent GNU patch vulnerabilities
- https://usn.ubuntu.com/3624-1/
  USN-3624-1: Patch vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://usn.ubuntu.com/3624-2/
  USN-3624-2: Patch vulnerabilities | Ubuntu security notices [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2091
  RHSA-2018:2091 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://twitter.com/kurtseifried/status/982028968877436928
  Kurt Seifried on Twitter: "So @drdavidawheeler pointed out this to me: https://t.co/YU6b9iTtwh TL;DR: patch can execute commands. A flaw right? No. A terrible horrible feature (that is also a flaw). 1 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2018:2096
  RHSA-2018:2096 - Security Advisory - Red Hat Customer Portal [Third Party Advisory]
- https://savannah.gnu.org/bugs/index.php?53566
  GNU patch - Bugs: bug #53566, Ed support allows arbitrary... [Savannah] [Vendor Advisory]
- https://security.gentoo.org/glsa/201904-17
  Patch: Multiple vulnerabilities (GLSA 201904-17) — Gentoo security [Third Party Advisory]
- http://packetstormsecurity.com/files/154124/GNU-patch-Command-Injection-Directory-Traversal.html
  GNU patch Command Injection / Directory Traversal ≈ Packet Storm