Published: 11/03/2011 Updated: 28/11/2016

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Directory traversal vulnerability in util.c in GNU patch 2.6.1 and previous versions allows user-assisted remote malicious users to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu gnu patch
gnu gnu patch 2.6
gnu gnu patch 2.5
gnu gnu patch 2.5.9
gnu gnu patch 2.5.4

Several security issues were fixed in GNU patch ...

CWE-22 http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html http://openwall.com/lists/oss-security/2011/01/06/19 http://openwall.com/lists/oss-security/2011/01/05/10 http://openwall.com/lists/oss-security/2011/01/06/20 http://openwall.com/lists/oss-security/2011/01/06/21 http://secunia.com/advisories/43677 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html https://bugzilla.redhat.com/show_bug.cgi?id=667529 http://secunia.com/advisories/43663 http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html http://www.vupen.com/english/advisories/2011/0600 http://support.apple.com/kb/HT4723 http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html http://www.securityfocus.com/bid/46768 https://usn.ubuntu.com/2651-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-4651

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect