[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

ALAS-2018-1008 ---- patch

ID: oval:org.secpod.oval:def:1600885Date: (C)2018-05-15   (M)2021-09-11
Class: PATCHFamily: unix




Malicious patch files cause ed to execute arbitrary commandsGNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD#039;s CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

Platform:
Amazon Linux AMI
Product:
patch
Reference:
ALAS-2018-1008
CVE-2018-1000156
CVE    1
CVE-2018-1000156
CPE    2
cpe:/o:amazon:linux
cpe:/a:gnu:patch

© SecPod Technologies