CVE-2015-1416 - Vulnerability Details - OpenCVE

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Freebsd	Freebsd

Configuration 1 [-]

OR	cpe:2.3:o:freebsd:freebsd:10.0:::::::*
	cpe:2.3:o:freebsd:freebsd:10.1:::::::*
	cpe:2.3:o:freebsd:freebsd:10.2:::::::*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/07/30/9
http://www.openwall.com/lists/oss-security/2015/08/01/4
http://www.openwall.com/lists/oss-security/2015/08/02/1
http://www.openwall.com/lists/oss-security/2015/08/02/6
http://www.securityfocus.com/bid/76116
http://www.securitytracker.com/id/1033110
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-02-05T16:00:00

Updated: 2024-08-06T04:40:18.597Z

Reserved: 2015-01-27T00:00:00

Link: CVE-2015-1416

Vulnrichment

No data.

NVD

Status : Modified

Published: 2018-02-05T16:29:00.223

Modified: 2024-11-21T02:25:22.530

Link: CVE-2015-1416

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-02-05T15:57:02", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1"}, {"name": "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9"}, {"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4"}, {"name": "FreeBSD-SA-15:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc"}, {"name": "1033110", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1033110"}, {"name": "76116", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/76116"}, {"name": "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1416", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1"}, {"name": "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9"}, {"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4"}, {"name": "FreeBSD-SA-15:14", "refsource": "FREEBSD", "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc"}, {"name": "1033110", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1033110"}, {"name": "76116", "refsource": "BID", "url": "http://www.securityfocus.com/bid/76116"}, {"name": "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.597Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1"}, {"name": "[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9"}, {"name": "[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4"}, {"name": "FreeBSD-SA-15:14", "tags": ["vendor-advisory", "x_refsource_FREEBSD", "x_transferred"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc"}, {"name": "1033110", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1033110"}, {"name": "76116", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/76116"}, {"name": "[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1416", "datePublished": "2018-02-05T16:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T04:40:18.597Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebsd:freebsd:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA79CE41-D873-4A4A-A20C-83EB8772E5FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6D63B21-9D2E-4B15-9E60-6181D44B1F55", "vulnerable": true}, {"criteria": "cpe:2.3:o:freebsd:freebsd:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "21EFF723-7B5A-4712-8A6B-56CADAA4BFD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file."}, {"lang": "es", "value": "El parche Larry Wall, el parche en FreeBSD en versiones 10.2-RC1 anteriores a la 10.2-RC1-p1, 10.2 anteriores a la 10.2-BETA2-p2, 10.1 anteriores a la 10.1-RELEASE-p16; Bitrig, el parche GNU en versiones anteriores a la 2.2.5 y posiblemente otras variantes de parches permiten que los atacantes remotos ejecutan comandos shell mediante un archivo de parche manipulado."}], "id": "CVE-2015-1416", "lastModified": "2024-11-21T02:25:22.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-02-05T16:29:00.223", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76116"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033110"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/07/30/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/01/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/08/02/6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/76116"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1033110"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}