7.8 - USN-2651-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	GNU patch vulnerabilities

Informations
Name	USN-2651-1	First vendor Publication	2015-06-22
Vendor	Ubuntu	Last vendor Modification	2015-06-22
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:C/A:N)
Cvss Base Score	7.8	Attack Range	Network
Cvss Impact Score	6.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in GNU patch.

Software Description: - patch: Apply a diff file to an original

Details:

Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651)

László Böszörményi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. (CVE-2014-9637)

Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1196)

Jakub Wilk discovered that GNU patch did not correctly handle file renames in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1395)

Jakub Wilk discovered the fix for CVE-2015-1196 was incomplete for GNU patch. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1396)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 14.10:
patch 2.7.1-5ubuntu0.3

Ubuntu 14.04 LTS:
patch 2.7.1-4ubuntu2.3

Ubuntu 12.04 LTS:
patch 2.6.1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2651-1
CVE-2010-4651, CVE-2014-9637, CVE-2015-1196, CVE-2015-1395,
CVE-2015-1396

Package Information:
https://launchpad.net/ubuntu/+source/patch/2.7.1-5ubuntu0.3
https://launchpad.net/ubuntu/+source/patch/2.7.1-4ubuntu2.3
https://launchpad.net/ubuntu/+source/patch/2.6.1-3ubuntu0.1

Original Source

Url : http://www.ubuntu.com/usn/USN-2651-1

CWE : Common Weakness Enumeration

%	Id	Name
60 %	CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
20 %	CWE-399	Resource Management Errors
20 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

CPE : Common Platform Enumeration

Type	Description	Count
Application	Gnu Gnu Patch cpe:2.3:a:gnu:gnu_patch:2.6:::::::* cpe:2.3:a:gnu:gnu_patch:2.5.9:::::::* cpe:2.3:a:gnu:gnu_patch:2.5.4:::::::* cpe:2.3:a:gnu:gnu_patch:2.5:::::::*	4
Application	Gnu Patch cpe:2.3:a:gnu:patch:2.7.1:::::::* cpe:2.3:a:gnu:patch:2.7:::::::* cpe:2.3:a:gnu:patch::::::::	3
Os	Canonical Ubuntu Linux cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::* cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts::: cpe:2.3:o:canonical:ubuntu_linux:12.04::::lts:::	3
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:11.0:::::::* cpe:2.3:o:debian:debian_linux:10.0:::::::* cpe:2.3:o:debian:debian_linux:9.0:::::::* cpe:2.3:o:debian:debian_linux:8.0:::::::*	4
Os	Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:21:::::::* cpe:2.3:o:fedoraproject:fedora:20:::::::*	2
Os	Mageia cpe:2.3:o:mageia:mageia:4.0:::::::*	1
Os	Opensuse cpe:2.3:o:opensuse:opensuse:13.2:::::::* cpe:2.3:o:opensuse:opensuse:13.1:::::::*	2
Os	Oracle Solaris cpe:2.3:o:oracle:solaris:11.2:::::::*	1

OpenVAS Exploits

Date	Description
2012-09-15	Name : Slackware Advisory SSA:2012-257-02 patch File : nvt/esoft_slk_ssa_2012_257_02.nasl
2011-08-19	Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl
2011-03-15	Name : Fedora Update for patch FEDORA-2011-1269 File : nvt/gb_fedora_2011_1269_patch_fc13.nasl
2011-03-15	Name : Fedora Update for patch FEDORA-2011-1272 File : nvt/gb_fedora_2011_1272_patch_fc14.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
71023	GNU patch util.c Directory Traversal Arbitrary File Creation GNU contains a flaw that allows a local attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via patches. This directory traversal attack would allow the attacker to create and modify arbitrary files.

Nessus® Vulnerability Scanner

Date	Description
2015-06-23	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-2651-1.nasl - Type : ACT_GATHER_INFO
2015-06-10	Name : The remote SUSE host is missing one or more security updates. File : suse_SU-2015-1019-1.nasl - Type : ACT_GATHER_INFO
2015-04-07	Name : The remote Fedora host is missing a security update. File : fedora_2015-1165.nasl - Type : ACT_GATHER_INFO
2015-03-30	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2015-138.nasl - Type : ACT_GATHER_INFO
2015-03-19	Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2015-050.nasl - Type : ACT_GATHER_INFO
2015-02-17	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2015-047-01.nasl - Type : ACT_GATHER_INFO
2015-02-04	Name : The remote openSUSE host is missing a security update. File : openSUSE-2015-98.nasl - Type : ACT_GATHER_INFO
2015-02-02	Name : The remote Fedora host is missing a security update. File : fedora_2015-1134.nasl - Type : ACT_GATHER_INFO
2015-01-19	Name : The remote Solaris system is missing a security patch for third-party software. File : solaris11_gnu-patch_20141120.nasl - Type : ACT_GATHER_INFO
2012-09-14	Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2012-257-02.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_10_6_8.nasl - Type : ACT_GATHER_INFO
2011-06-24	Name : The remote host is missing a Mac OS X update that fixes several security issues. File : macosx_SecUpd2011-004.nasl - Type : ACT_GATHER_INFO
2011-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2011-1269.nasl - Type : ACT_GATHER_INFO
2011-03-08	Name : The remote Fedora host is missing a security update. File : fedora_2011-1272.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2017-08-30 09:22:15	Multiple Updates
2017-08-26 00:24:48	Multiple Updates
2015-06-24 13:27:51	Multiple Updates
2015-06-23 05:25:56	First insertion

Global Informations

Type	Count
CWE ID(s)	5
CPE ID(s)	20
osvdb(s)	1
Openvas Exploit(s)	4
Nessus® Exploit(s)	14

	Related
7.5	CVE-2015-1396
7.5	CVE-2015-1395
5.8	CVE-2010-4651
5.5	CVE-2014-9637
4.3	CVE-2015-1196
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 5 more Alert(s)