Imre Rad discovered several vulnerabilities in GNU patch that can lead to shell command injection, or to escaping the working directory and accessing and overwriting files, when specially crafted patch files are processed.
This update includes a bugfix for a regression introduced by the patch to address CVE-2018-1000156 when applying an ed-style patch (#933140).
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-4489. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('compat.inc');
# Registration branch: when `description` is set, the script only declares its
# metadata (ids, advisory text, scoring, dependencies) and then leaves through
# the exit(0) at the end of this block, without running any check.
if (description)
{
script_id(127102);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/08");
# CVEs reported by this plugin. CVE-2018-1000156 appears in the description text
# only as the earlier fix whose ed-style regression (#933140) this update
# corrects; it is not registered as a CVE id here.
script_cve_id("CVE-2019-13636", "CVE-2019-13638");
script_xref(name:"DSA", value:"4489");
script_name(english:"Debian DSA-4489-1 : patch - security update");
script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing a security-related update.");
# Advisory text taken from DSA-4489 (see the file header). The stated
# precondition is that a specially crafted patch file is processed.
script_set_attribute(attribute:"description", value:
"Imre Rad discovered several vulnerabilities in GNU patch, leading to
shell command injection or escape from the working directory and
access and overwrite files, if specially crafted patch files are
processed.
This update includes a bugfix for a regression introduced by the patch
to address CVE-2018-1000156 when applying an ed-style patch (#933140).");
# Reference links: Debian bug reports, security tracker, package pages and the DSA.
script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401");
script_set_attribute(attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933140");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2018-1000156");
script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/patch");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/stretch/patch");
script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/buster/patch");
script_set_attribute(attribute:"see_also", value:"https://www.debian.org/security/2019/dsa-4489");
# Remediation: the fixed versions named here are the same values the check
# section passes to deb_check() as `reference`.
script_set_attribute(attribute:"solution", value:
"Upgrade the patch packages.
For the oldstable distribution (stretch), these problems have been
fixed in version 2.7.5-1+deb9u2.
For the stable distribution (buster), these problems have been fixed
in version 2.7.6-3+deb10u1.");
# Scoring, sourced from CVE-2019-13638 (cvss_score_source below).
# NOTE(review): the v2 base vector encodes a network attack vector (AV:N), while
# the v3 vector encodes a local one that requires user interaction (AV:L, UI:R).
# The description's precondition (a crafted patch file has to be processed)
# matches the v3 reading, so weigh the v2-derived severity with that in mind
# when prioritising.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
# Temporal vectors: proof-of-concept exploit maturity (E:POC / E:P), official
# fix available (RL:OF / RL:O), report confirmed (RC:C).
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13638");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
# Timeline: disclosure, vendor fix, and first publication of this plugin.
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/29");
# Declared as a local check: the result comes from package data collected on the
# host, not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs: the affected package plus the two Debian releases this plugin covers.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:patch");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:10.0");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Debian Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Depends on ssh_get_info.nasl and on three KB keys (local checks enabled, Debian
# release, dpkg -l output). Presumably the plugin is not launched without them,
# i.e. an uncredentialed scan produces no finding either way; the check section
# re-tests the same keys itself.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
# Preconditions. Each audit() call reports why the plugin cannot give a verdict:
# local checks disabled, host not identified as Debian, or no package list in
# the KB. A missing verdict here is not evidence that the host is patched.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Count the releases for which deb_check() flags the "patch" package. Both calls
# are always made, so each release is evaluated independently.
# NOTE(review): deb_check() comes from debian_package.inc (not shown here);
# presumably it compares the recorded dpkg version with `reference`, the fixed
# version for that release. That makes this a version check only: it does not
# show whether patch is ever run on untrusted input, and a patch binary
# installed outside dpkg would not be seen -- confirm against the include.
flag = 0;
if (deb_check(release:"10.0", prefix:"patch", reference:"2.7.6-3+deb10u1"))
  flag++;
if (deb_check(release:"9.0", prefix:"patch", reference:"2.7.5-1+deb9u2"))
  flag++;

# Verdict: nothing flagged means "not affected"; otherwise raise the finding,
# attaching the package report text when report_verbosity is above zero.
if (!flag)
  audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
Vendor | Product | Version | CPE |
---|---|---|---|
debian | debian_linux | patch | p-cpe:/a:debian:debian_linux:patch |
debian | debian_linux | 10.0 | cpe:/o:debian:debian_linux:10.0 |
debian | debian_linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
bugs.debian.org/cgi-bin/bugreport.cgi?bug=932401
bugs.debian.org/cgi-bin/bugreport.cgi?bug=933140
packages.debian.org/source/buster/patch
packages.debian.org/source/stretch/patch
security-tracker.debian.org/tracker/CVE-2018-1000156
security-tracker.debian.org/tracker/source-package/patch
www.debian.org/security/2019/dsa-4489