GNU patch Directory Traversal Vulnerability [CVE-2010-4651]

CVE Number – CVE-2010-4651

GNU patch contains a vulnerability that could allow an unauthenticated, remote attacker to conduct directory traversal on a vulnerable system.

The vulnerability exists because the affected software fails to perform sufficient sanitization on user-supplied input when handling patch files. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to execute a malicious patch file using the affected application. If successful, the attacker could create or overwrite arbitrary files on the targeted system by using malicious parameters in the patch file.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The vendor has confirmed this vulnerability in the git repository; however, stable updates are not available. Third-party updates are available.

• Systems running GNU patch versions 2.6.1 and prior are vulnerable.

• The vulnerability exists because the affected software fails to perform sufficient sanitization on the pathname value specified in patch files.

  An unauthenticated, remote attacker could exploit this vulnerability by persuading a targeted user to execute a malicious patch file that contains directory traversal sequences in the pathnameparameter. Processing this file could create or overwrite arbitrary files outside the intended destination directory of the application.

• To exploit the vulnerability, the attacker may provide a file to the user and persuade the user to open or execute the file by using misleading language or instructions.

• Administrators are advised to contact the vendor regarding future updates and releases or apply the appropriate third-party updates.

  Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

  Users should verify that unsolicited links are safe to follow.

  Administrators are advised to monitor affected systems.

• The vendor has confirmed this vulnerability at the following link: Directory traversal vulnerability in patch

  Apple has released a security update at the following link: Apple Security Update 2011-004

  Oracle has released a security advisory at the following link: CVE-2010-4651

• Apple has released updated software at the following links:

  Mac OS X and Mac OS X Server 10.5.8
  Security Update 2011-004 (Leopard)
  Security Update 2011-004 (Leopard Server)

  Mac OS X 10.6.8 and Mac OS X Server 10.6.8
  Mac OS X 10.6.8 Update
  Mac OS X Server 10.6.8 Update

  Oracle has released patches for registered users at the following link: Solaris 11.2.4.6.0
  
  
  
  

Duncan

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.