Описание
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| patch | fixed | 2.7.3-1 | package | |
| patch | not-affected | wheezy | package | |
| patch | not-affected | squeeze | package |
Примечания
Upstream report: https://savannah.gnu.org/bugs/?44059
https://www.openwall.com/lists/oss-security/2015/01/24/2
EPSS
Связанные уязвимости
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.
Уязвимость компонента, поддерживаемого Git-style, программной Unix-утилиты GNU Patch операционных систем Ubuntu, Fedora, позволяющая нарушителю изменять произвольные файлы
EPSS