CVE-2015-1196

2015-01-2118:59:57

CWE-59

redhat

web.nvd.nist.gov

cve-2015-1196

gnu patch 2.7.1

remote attackers

symlink attack

patch file

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.003

Percentile

69.7%

JSON

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Affected configurations

Nvd

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

Node

oraclesolarisMatch11.2

Node

gnupatchMatch2.7.1

VendorProductVersionCPE
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
oraclesolaris11.2cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
gnupatch2.7.1cpe:2.3:a:gnu:patch:2.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
opensuse	opensuse	13.1	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
opensuse	opensuse	13.2	cpe:2.3:o:opensuse:opensuse:13.2:::::::*
oracle	solaris	11.2	cpe:2.3:o:oracle:solaris:11.2:::::::*
gnu	patch	2.7.1	cpe:2.3:a:gnu:patch:2.7.1:::::::*