CVE-2018-1000156

Published: 06/04/2018 Updated: 30/07/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files: specifically, the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.

Vulnerable Product

gnu patch 2.7.6

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

debian debian linux 7.0

redhat enterprise linux server aus 7.2

redhat enterprise linux server aus 7.3

redhat enterprise linux server aus 7.4

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 6.4

redhat enterprise linux server aus 6.6

redhat enterprise linux server eus 6.7

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.6

redhat enterprise linux server tus 7.6

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux desktop 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server tus 6.6

redhat enterprise linux server tus 7.2

redhat enterprise linux server tus 7.3

redhat enterprise linux server tus 7.4

redhat enterprise linux desktop 6.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server aus 6.5

redhat enterprise linux server eus 7.3

redhat enterprise linux server eus 7.5

Vendor Advisories

Debian Bug report logs - #894993 patch: CVE-2018-1000156: input validation vulnerability when processing patch files. Package: src:patch; Maintainer for src:patch is Laszlo Boszormenyi (GCS) <gcs@debian.org>; Reported by: "brian m. carlson" <sandals@crustytoothpaste.net>; Date: Thu, 5 Apr 2018 23:24:02 UTC; Severity: g ...
Imre Rad discovered several vulnerabilities in GNU patch, leading to shell command injection or escape from the working directory and access and overwrite files, if specially crafted patch files are processed. This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch (#933140) ...
Several security issues were fixed in Patch ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 6.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 7.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Sys ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, whi ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support and Red Hat Enterprise Linux 6.6 Telco Extended Update Support. Red Hat Product Security has rated this update as having a s ...
Synopsis: Important: patch security update. Type/Severity: Security Advisory: Important. Topic: An update for patch is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solut ...
Malicious patch files cause ed to execute arbitrary commands. GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to Free ...
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common anc ...
An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to pass certain ed scripts to the ed editor, which would run commands. This issue could be exploited to execute arbitr ...

Github Repositories

vulnlist A tool for fetching, transforming, and storing vulnerability data from a variety of sources S

Tool for collecting vulnerability data from various sources (used to build the grype database)

vunnel A tool for fetching, transforming, and storing vulnerability data from a variety of sources Sup

The GNU patch utility was vulnerable to multiple attacks through version 2.7.6. You can find my related PoC files here.

GNU patch vulnerabilities: I identified several vulnerabilities in the GNU patch utility, some of them making it possible to execute arbitrary code if the victim opens a crafted patch file. It also turned out, some of these vulnerabilities had been silently addressed by the maintainer back then in 2018 when CVE-2018-1000156 was reported by pushing some additional commits the sam