CVE-2010-4651: Path Traversal
First published: Wed Jan 05 2011(Updated: )
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnu Gnu Patch | =2.5.4 | |
| Gnu Gnu Patch | <=2.6.1 | |
| Gnu Gnu Patch | =2.5.9 | |
| Gnu Gnu Patch | =2.6 | |
| Gnu Gnu Patch | =2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html
- http://openwall.com/lists/oss-security/2011/01/06/19
- http://openwall.com/lists/oss-security/2011/01/05/10
- http://openwall.com/lists/oss-security/2011/01/06/20
- http://openwall.com/lists/oss-security/2011/01/06/21
- http://secunia.com/advisories/43677
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html
- https://bugzilla.redhat.com/show_bug.cgi?id=667529
- http://secunia.com/advisories/43663
- http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1
- http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html
- http://www.vupen.com/english/advisories/2011/0600
- http://support.apple.com/kb/HT4723
- http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html
- http://www.securityfocus.com/bid/46768
- http://osdir.com/ml/bug-patch-gnu/2010-12/msg00000.html
- http://article.gmane.org/gmane.comp.security.oss.general/4063
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=667529#c1
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=476361&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=476361&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=476365&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=476365&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=675379
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=667529#c11
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=477393&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=477393&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=477460&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=477460&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=478038&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=478038&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=479566&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=479566&action=edit
- http://www.openembedded.org/index.php/Main_Page
- http://git.shr-project.org/git/?p=n900-oe.git;a=blob;f=recipes/db/files/db5-arm-thumb-mutex.patch;h=51b88823cf8ec1d959e1c73adb83abc4be4ae395;hb=9cd6a9dcdb323334186f0fe7c4537cd9dc8a58b1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=667529#c33
- https://access.redhat.com/security/updates/classification/
- collector/redhat-bugzilla
- alias/CVE-2010-4651
- collector/nvd-historical
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/gnu
- canonical/gnu gnu patch
- version/gnu gnu patch/2.5.4
- version/gnu gnu patch/2.6.1
- version/gnu gnu patch/2.5.9
- version/gnu gnu patch/2.6
- version/gnu gnu patch/2.5