Vulnerability Name:

CVE-2018-1000156

Assigned:2018-04-05
Published:2018-04-05
Updated:2018-06-28
Summary:GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
CVSS v3 Severity:7.8 High (CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.4 Medium (CCN Temporal CVSS v3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
7.8 High (REDHAT CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-20
CWE-77
References:Source: MISC
Type: VENDOR_ADVISORY
http://rachelbythebay.com/w/2018/04/05/bangpatch/

Source: REDHAT
Type: VENDOR_ADVISORY
RHSA-2018:1199

Source: REDHAT
Type: VENDOR_ADVISORY
RHSA-2018:1200

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2091

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2092

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2093

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2094

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2095

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2096

Source: REDHAT
Type: UNKNOWN
RHSA-2018:2097

Source: MISC
Type: VENDOR_ADVISORY
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667#19

Source: XF
Type: UNKNOWN
gnu-patch-cve20181000156-code-exec(141283)

Source: MLIST
Type: VENDOR_ADVISORY
[debian-lts-announce] 20180416 [SECURITY] [DLA 1348-1] patch security update

Source: CONFIRM
Type: VENDOR_ADVISORY
https://savannah.gnu.org/bugs/index.php?53566

Source: MISC
Type: VENDOR_ADVISORY
https://twitter.com/kurtseifried/status/982028968877436928

Source: UBUNTU
Type: VENDOR_ADVISORY
USN-3624-1

Source: UBUNTU
Type: VENDOR_ADVISORY
USN-3624-2

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:patch:2.7.6:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:12.04::~~esm~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:debian:debian_linux:7.0:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:6:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

  • Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20181000156
    V
    CVE-2018-1000156
    2018-07-19
    oval:com.redhat.rhsa:def:20182091
    P
    RHSA-2018:2091: patch security update (Important)
    2018-06-27
    oval:com.redhat.rhsa:def:20181200
    P
    RHSA-2018:1200: patch security update (Important)
    2018-04-23
    oval:com.redhat.rhsa:def:20181199
    P
    RHSA-2018:1199: patch security update (Important)
    2018-04-23
    oval:com.ubuntu.artful:def:20181000156000
    V
    CVE-2018-1000156 on Ubuntu 17.10 (artful) - medium.
    2018-04-06
    oval:com.ubuntu.xenial:def:20181000156000
    V
    CVE-2018-1000156 on Ubuntu 16.04 LTS (xenial) - medium.
    2018-04-06
    oval:com.ubuntu.trusty:def:20181000156000
    V
    CVE-2018-1000156 on Ubuntu 14.04 LTS (trusty) - medium.
    2018-04-06
    BACK
    gnu patch 2.7.6
    canonical ubuntu linux 12.04
    canonical ubuntu linux 14.04
    canonical ubuntu linux 16.04
    canonical ubuntu linux 17.10
    debian debian linux 7.0
    redhat enterprise linux desktop 6.0
    redhat enterprise linux desktop 7.0
    redhat enterprise linux server 6.0
    redhat enterprise linux server 7.0
    redhat enterprise linux workstation 6.0
    redhat enterprise linux workstation 7.0