Unrated severityNVD Advisory· Published Nov 25, 2019· Updated Aug 6, 2024
CVE-2015-1396
CVE-2015-1396
Description
A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- GNU/patchdescription
- osv-coords3 versionspkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/patch&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 2.7.5-7.1+ 2 more
- (no CPE)range: < 2.7.5-7.1
- (no CPE)range: < 2.7.5-7.1
- (no CPE)range: < 2.7.5-7.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2015/01/27/29mitremailing-listx_refsource_MLISTx_refsource_MISC
- www.securityfocus.com/bid/75358mitrevdb-entryx_refsource_BIDx_refsource_MISC
- www.ubuntu.com/usn/USN-2651-1mitrex_refsource_MISC
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.