CVE-2018-1000156 log
Source |
|
Severity | High |
Remote | No |
Type | Arbitrary command execution |
Description | An arbitrary command execution vulnerability has been found in patch versions prior to 2.7.7 when applying ed-style patches. Due to insufficient sanitization of the input patch stream, it is possible for a patch file to cause patch to pass certain ed scripts to the ed editor, which would run commands. This issue could be exploited to execute arbitrary commands as the user invoking patch against a specially crafted patch file, which could be leveraged to obtain elevated privileges. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-808 | patch | 2.7.6-3 | 2.7.6-7 | High | Fixed | FS#57526 |
AVG-619 | patch | 2.7.6-1 | 2.7.6-3 | High | Fixed | FS#57526 |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
12 Nov 2018 | ASA-201811-14 | AVG-808 | patch | High | multiple issues |
09 Oct 2018 | ASA-201810-8 | AVG-619 | patch | High | multiple issues |