Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1196

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1196
Last Modified 11 Feb 2015 02:43:30
Published 21 Jan 2015 01:59:57
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1196

Summary

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Vulnerable Systems

Operating System

  • Novell Opensuse 13.1

  • Novell Opensuse 13.2

Application

  • Gnu Patch 2.7.1


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1182154

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227

XF - gnupatch-unspecified-symlink(99967)

BID - 72074

MLIST - [oss-security] 20150118 Re: CVE request: directory traversal flaw in patch

CONFIRM - http://git.savannah.gnu.org/cgit/patch.git/commit/?id=4e9269a5fc1fe80a1095a92593dd85db871e1fd3

SUSE - openSUSE-SU-2015:0199


Last Updated: 27 May 2016 11:07:46