CVE-2015-1416
HIGHFreeBSD <10.2-BETA2-p2, Bitrig, GNU patch <2.2.5 - RCE
Title source: llmDescription
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
References (7)
Core 7
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/02/1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/07/30/9
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/01/4
Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033110
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76116
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/02/6
Scores
CVSS v3
7.8
EPSS
0.0088
EPSS Percentile
75.6%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
Status
published
Products (3)
freebsd/freebsd
10.0
freebsd/freebsd
10.1
freebsd/freebsd
10.2
Published
Feb 05, 2018
Tracked Since
Feb 18, 2026