{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-30T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "ADV-2011-0600", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0600"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4723"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/06/20"}, {"name": "46768", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/46768"}, {"name": "APPLE-SA-2011-06-23-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/06/21"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"}, {"name": "FEDORA-2011-1269", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/06/19"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"}, {"name": "43677", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43677"}, {"name": "FEDORA-2011-1272", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"}, {"name": "[oss-security] 20110105 CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/05/10"}, {"name": "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"}, {"name": "43663", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43663"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.968Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2011-0600", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0600"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4723"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/06/20"}, {"name": "46768", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/46768"}, {"name": "APPLE-SA-2011-06-23-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/06/21"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"}, {"name": "FEDORA-2011-1269", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"}, {"name": "[oss-security] 20110106 Re: CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/06/19"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"}, {"name": "43677", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43677"}, {"name": "FEDORA-2011-1272", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"}, {"name": "[oss-security] 20110105 CVE request: patch directory traversal flaw", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/05/10"}, {"name": "[bug-patch] 20101230 Directory traversal vulnerability in patch (or dpkg-source) (fwd)", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"}, {"name": "43663", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43663"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4651", "datePublished": "2011-03-11T22:00:00", "dateReserved": "2011-01-03T00:00:00", "dateUpdated": "2024-08-07T03:51:17.968Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:gnu_patch:*:*:*:*:*:*:*:*", "matchCriteriaId": "664022CA-1CFD-4919-BB94-F4F4F6D37201", "versionEndIncluding": "2.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "817481F2-877C-4851-A4F3-F991ADA26381", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "62276D98-5C81-4AAE-9DA9-760A1E799707", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnu_patch:2.5.9:*:*:*:*:*:*:*", "matchCriteriaId": "79A0F364-725D-481A-A2C0-FAE80DFFA9F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:gnu_patch:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "190EBEDE-B589-48F1-AA99-F0E21CE5CB47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en util.c en el parche GNU v2.6.1 y anteriores, permite a atacantes remotos asistidos por el usuario crear o sobreescribir archivos de su elecci\u00f3n a trav\u00e9s de un nombre de archivo que se especifica con un .. (punto punto) o la ruta completa, un problema relacionado con CVE-2010-1679."}], "id": "CVE-2010-4651", "lastModified": "2024-11-21T01:21:26.830", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-03-11T22:55:02.090", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"}, {"source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/05/10"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/19"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/01/06/20"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/21"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43663"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43677"}, {"source": "secalert@redhat.com", "url": "http://support.apple.com/kb/HT4723"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/46768"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0600"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2011//Jun/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055241.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055246.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://lists.gnu.org/archive/html/bug-patch/2010-12/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/05/10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/19"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/01/06/20"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43663"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/43677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/46768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0600"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "patch: directory traversal flaw allows for arbitrary file creation", "id": "667529", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=667529"}, "csaw": false, "cvss": {"cvss_base_score": "2.1", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "status": "draft"}, "details": ["Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679."], "name": "CVE-2010-4651", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:3", "fix_state": "Will not fix", "package_name": "patch", "product_name": "Red Hat Enterprise Linux 3"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "patch", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "patch", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "patch", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-12-30T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-4651\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-4651"], "statement": "Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Low"}