GNU patch Directory Traversal Vulnerability [CVE-2010-4651]

CVE Number – CVE-2010-4651

GNU patch contains a vulnerability that could allow an unauthenticated, remote attacker to conduct directory traversal on a vulnerable system.

The vulnerability exists because the affected software fails to perform sufficient sanitization on the file names it reads from patch headers. An unauthenticated, remote attacker could exploit this vulnerability by convincing a targeted user to apply a malicious patch file with the affected application. If successful, the attacker could create or overwrite arbitrary files on the targeted system by placing directory traversal sequences (such as `..` path components) or an absolute path in the file name fields of the patch.

Proof-of-concept code that demonstrates an exploit of this vulnerability is publicly available.

The vendor has confirmed this vulnerability in the git repository; however, stable updates are not available. Third-party updates are available.

Indicators of Compromise
  • Systems running GNU patch versions 2.6.1 and prior are vulnerable.
Technical Information
  • The vulnerability exists because the affected software fails to perform sufficient sanitization on the pathname value specified in patch files (the file names taken from the `---`/`+++` header lines).

    An unauthenticated, remote attacker could exploit this vulnerability by persuading a targeted user to execute a malicious patch file that contains directory traversal sequences in the pathname parameter. Because patch writes its output relative to the current working directory, a header name containing `..` components or an absolute path causes the file to be created or overwritten outside the intended destination directory of the application.
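The following pre-apply scanner is an added example written for this page; it is not GNU patch's own code or its upstream fix. It pulls the file names out of the `---`, `+++`, `Index:` and `diff --git` header lines of a patch, applies the same `-pN` prefix stripping the user intends to pass to patch, and reports any name that would still resolve outside the working directory (an absolute path or a `..` component). The header parsing is simplified (assumption: unquoted names, name ends at the first tab, as with a trailing timestamp), and the two sample patches are constructed for this example.

```python
"""Scan a patch file for header paths that would escape the working directory.

Added example for CVE-2010-4651; not the GNU patch project's code. The
sample patches below are constructed for this example.
"""
import re

# Header lines from which patch takes file names. The name runs to the first
# tab, which is where a timestamp may follow (assumption: names are unquoted).
_NAME_HEADER = re.compile(r'^(?:---|\+\+\+|Index:)[ \t]+([^\t\n]+)')
_GIT_HEADER = re.compile(r'^diff --git (\S+) (\S+)$')

# Constructed malicious patch: the "+++" name walks out of the tree with "..".
MALICIOUS_PATCH = """\
--- /dev/null
+++ ../../../../tmp/evil.txt
@@ -0,0 +1 @@
+pwned
"""

# Constructed benign patch in the usual a/ b/ layout, applied with -p1.
BENIGN_PATCH = """\
--- a/src/main.c
+++ b/src/main.c
@@ -1 +1 @@
-int x = 1;
+int x = 2;
"""


def strip_components(name, strip):
    """Approximate patch -pN: drop the smallest prefix containing N slashes."""
    for _ in range(strip):
        idx = name.find('/')
        if idx < 0:
            break
        name = name[idx + 1:]
    return name


def is_unsafe_path(name, strip=0):
    """True if the name would land outside the working directory after -pN."""
    name = strip_components(name, strip)
    if name.startswith('/'):
        return True
    return any(part == '..' for part in name.split('/'))


def header_names(patch_text):
    """Yield (line_no, name) for every file name found in a header line."""
    for line_no, line in enumerate(patch_text.splitlines(), 1):
        m = _GIT_HEADER.match(line)
        if m:
            yield line_no, m.group(1)
            yield line_no, m.group(2)
            continue
        m = _NAME_HEADER.match(line)
        if m:
            name = m.group(1).rstrip()
            if name != '/dev/null':  # placeholder for created/deleted files
                yield line_no, name


def find_unsafe_paths(patch_text, strip=0):
    """Return [(line_no, name)] for each header path that would escape."""
    return [(n, name) for n, name in header_names(patch_text)
            if is_unsafe_path(name, strip)]


if __name__ == '__main__':
    for label, text in (('benign', BENIGN_PATCH), ('malicious', MALICIOUS_PATCH)):
        hits = find_unsafe_paths(text, strip=1)
        print(f'{label}: {hits or "no traversal found"}')
```

Run it with the same `-p` value you would give patch: an absolute name such as `/etc/ld.so.preload` is dangerous with `-p0` but becomes the relative `etc/ld.so.preload` with `-p1`, while `b/../../etc/cron.d/evil` is safe-looking until `-p1` strips the `b/` and leaves a traversal. The scanner is deliberately conservative: a removed source line that itself begins with `--` shows up as `---` in a unified diff and may produce a false positive, which is the right failure direction for a pre-apply check.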

Analysis
  • To exploit the vulnerability, the attacker must provide a file to the user and persuade the user to apply it with patch, for example by using misleading language or instructions. Files are created with the privileges of the user who runs patch, so applying an untrusted patch as root is the worst case.
Safeguards
  • Administrators are advised to contact the vendor regarding future updates and releases or apply the appropriate third-party updates. Until a fixed version is installed, inspect the `---`/`+++` header lines of any untrusted patch for `..` components or absolute paths before applying it, and apply such patches only in a throwaway directory as an unprivileged user.

    Users are advised not to open e-mail messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in e-mail messages are safe, they are advised not to open them.

    Users should verify that unsolicited links are safe to follow.

    Administrators are advised to monitor affected systems.

Vendor Announcements
Fixed Software

Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
