4.3

CVE-2015-1196

Exploit
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
OracleSolaris Version11.2
GnuPatch Version2.7.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.1% 0.925
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
Third Party Advisory
http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3
Patch
http://lists.opensuse.org/opensuse-updates/2015-02/msg00013.html
Third Party Advisory
http://seclists.org/oss-sec/2015/q1/173
Third Party Advisory
http://www.securityfocus.com/bid/72074
Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
Exploit
https://bugzilla.redhat.com/show_bug.cgi?id=1182154
Third Party Advisory
VDB Entry
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/99967