Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2015-1196

Published: 21/01/2015 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Opensuse

Vulnerability Summary

GNU patch 2.7.1 allows remote malicious users to write to arbitrary files via a symlink attack in a patch file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

opensuse opensuse 13.2

opensuse opensuse 13.1

oracle solaris 11.2

gnu patch 2.7.1

Vendor Advisories

Ubuntu Security Notice: patch vulnerabilities
Several security issues were fixed in GNU patch ...
Debian CVElist Bug Report Logs: patch: CVE-2015-1196: directory traversal via symlinks
Debian Bug report logs - #775227 patch: CVE-2015-1196: directory traversal via symlinks Package: patch; Maintainer for patch is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for patch is src:patch (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Mon, 12 Jan 2015 19:27:02 UTC Severity: norma ...
Debian CVElist Bug Report Logs: patch: CVE-2015-1395: directory traversal via file rename
Debian Bug report logs - #775873 patch: CVE-2015-1395: directory traversal via file rename Package: patch; Maintainer for patch is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for patch is src:patch (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Tue, 20 Jan 2015 22:51:01 UTC Severity: gr ...
Debian CVElist Bug Report Logs: patch: CVE-2015-1396: another directory traversal via symlinks
Debian Bug report logs - #775901 patch: CVE-2015-1396: another directory traversal via symlinks Package: patch; Maintainer for patch is Laszlo Boszormenyi (GCS) <gcs@debianorg>; Source for patch is src:patch (PTS, buildd, popcon) Reported by: Jakub Wilk <jwilk@debianorg> Date: Wed, 21 Jan 2015 10:42:06 UTC Severit ...
Red Hat: CVE-2015-1196
GNU patch 271 allows remote attackers to write to arbitrary files via a symlink attack in a patch file ...

References

CWE-59https://bugzilla.redhat.com/show_bug.cgi?id=1182154https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3http://seclists.org/oss-sec/2015/q1/173http://www.securityfocus.com/bid/72074http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.htmlhttp://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/99967https://usn.ubuntu.com/2651-1/https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2015-1196
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook