Directory traversal vulnerability in GNU patch versions which support Git-style patching prior to 2.7.3 allows remote malicious users to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fedoraproject fedora 20 |
||
fedoraproject fedora 21 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 12.04 |
||
canonical ubuntu linux 14.10 |
||
gnu patch |