Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.842253 |
Category: | Ubuntu Local Security Checks |
Title: | Ubuntu Update for patch USN-2651-1 |
Summary: | The remote host is missing an update for the 'patch'; package(s) announced via the referenced advisory. |
Description: | Summary: The remote host is missing an update for the 'patch' package(s) announced via the referenced advisory. Vulnerability Insight: Jakub Wilk discovered that GNU patch did not correctly handle file paths in patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2010-4651) Lá szló Bö szö rmé nyi discovered that GNU patch did not correctly handle some patch files. An attacker could specially craft a patch file that could cause a denial of service. (CVE-2014-9637) Jakub Wilk discovered that GNU patch did not correctly handle symbolic links in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1196) Jakub Wilk discovered that GNU patch did not correctly handle file renames in git style patch files. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1395) Jakub Wilk discovered the fix for CVE-2015-1196 was incomplete for GNU patch. An attacker could specially craft a patch file that could overwrite arbitrary files with the privileges of the user invoking the program. This issue only affected Ubuntu 14.04 LTS and Ubuntu 14.10. (CVE-2015-1396) Affected Software/OS: patch on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-4651 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html BugTraq ID: 46768 http://www.securityfocus.com/bid/46768 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html http://openwall.com/lists/oss-security/2011/01/05/10 http://openwall.com/lists/oss-security/2011/01/06/19 http://openwall.com/lists/oss-security/2011/01/06/20 http://openwall.com/lists/oss-security/2011/01/06/21 http://secunia.com/advisories/43663 http://secunia.com/advisories/43677 http://www.vupen.com/english/advisories/2011/0600 Common Vulnerability Exposure (CVE) ID: CVE-2014-9637 BugTraq ID: 72286 http://www.securityfocus.com/bid/72286 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148953.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154214.html http://www.openwall.com/lists/oss-security/2015/01/22/7 http://www.ubuntu.com/usn/USN-2651-1 Common Vulnerability Exposure (CVE) ID: CVE-2015-1196 BugTraq ID: 72074 http://www.securityfocus.com/bid/72074 http://seclists.org/oss-sec/2015/q1/173 SuSE Security Announcement: openSUSE-SU-2015:0199 (Google Search) http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html XForce ISS Database: gnupatch-unspecified-symlink(99967) https://exchange.xforce.ibmcloud.com/vulnerabilities/99967 Common Vulnerability Exposure (CVE) ID: CVE-2015-1395 BugTraq ID: 72846 http://www.securityfocus.com/bid/72846 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873 http://www.openwall.com/lists/oss-security/2015/01/27/28 Common Vulnerability Exposure (CVE) ID: CVE-2015-1396 BugTraq ID: 75358 http://www.securityfocus.com/bid/75358 http://www.openwall.com/lists/oss-security/2015/01/27/29 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |