PT-2015-5158 · Gnu+3 · Gnu Patch+3

Martin Prpič

·

Published

2015-01-21

·

Updated

2024-06-15

·

CVE-2015-1196

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions GNU patch version 2.7.1
Description The issue allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
Recommendations For GNU patch version 2.7.1, update to a newer version that contains a fix for this issue.

Exploit

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

ALT-PU-2015-1846
CVE-2015-1196
MGASA-2015-0068
OPENSUSE-SU-2024:10379-1
SUSE-SU-2015:1019-1
SUSE-SU-2015_1019-1
USN-2651-1

Affected Products

Alt Linux
Gnu Patch
Suse
Ubuntu