Detections
Analytics
FreeBSD : patch -- multiple vulnerabilities (791841a3-d484-4878-8909-92ef9ce424f4)
high Nessus Plugin ID 118902
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
NVD reports :An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a 'mangled rename' issue.
A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.
GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility.
This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.
Solution
Update the affected package.See Also
https://savannah.gnu.org/bugs/?53132
https://savannah.gnu.org/bugs/?53133
Plugin Details
Severity: High
ID: 118902
File Name: freebsd_pkg_791841a3d4844878890992ef9ce424f4.nasl
Version: 1.4
Type: local
Family: FreeBSD Local Security Checks
Published: 11/13/2018
Updated: 7/23/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2018-1000156
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:patch, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/11/2018
Vulnerability Publication Date: 4/16/2018