CVE-2015-1396

Опубликовано: 25 нояб. 2019

Источник: nvd

CVSS3: 7.5

CVSS2: 6.4

EPSS Низкий

Описание

A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.

Ссылки

http://www.openwall.com/lists/oss-security/2015/01/27/29
http://www.openwall.com/lists/oss-security/2015/01/27/29
http://www.securityfocus.com/bid/75358
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/75358
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2651-1
https://bugzilla.redhat.com/show_bug.cgi?id=1186764
http://www.openwall.com/lists/oss-security/2015/01/27/29
http://www.openwall.com/lists/oss-security/2015/01/27/29
http://www.securityfocus.com/bid/75358
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/75358
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-2651-1
https://bugzilla.redhat.com/show_bug.cgi?id=1186764

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnu:patch:*:*:*:*:*:*:*:*

Версия до 2.7.4 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

EPSS

Процентиль: 88%

0.03663

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2015-1396

CVSS3: 7.5

ubuntu

около 6 лет назад

CVE-2015-1396

redhat

около 11 лет назад

CVE-2015-1396

CVSS3: 7.5

debian

около 6 лет назад

A Directory Traversal vulnerability exists in the GNU patch before 2.7 ...

GHSA-37cv-ggjj-37qh

github

больше 3 лет назад

SUSE-SU-2015:1019-1

suse-cvrf

больше 10 лет назад

Security update for patch

EPSS

Процентиль: 88%

0.03663

Низкий

7.5 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-22