CVE-2015-1416

Severity

93%

Complexity

86%

Confidentiality

165%

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

FreeBSD

First reported 7 years ago

2018-02-05 16:29:00

Last updated 6 years ago

2018-03-13 19:53:00

Affected Software

FreeBSD 10.0

10.0

FreeBSD 10.2

10.2

References

[oss-security] 20150730 CVE-2015-1416: vulnerability in patch(1)

Mailing List, Third Party Advisory

[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)

Mailing List, Third Party Advisory

[oss-security] 20150801 Re: CVE-2015-1416: vulnerability in patch(1)

Mailing List, Third Party Advisory

[oss-security] 20150802 Re: CVE-2015-1416: vulnerability in patch(1)

Mailing List, Third Party Advisory

76116

Third Party Advisory, VDB Entry

1033110

Third Party Advisory, VDB Entry

FreeBSD-SA-15:14

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.