CVE-2010-1679
Published 2011-01-11
Priority: P4 · 33 · medium · 6.8 CVSS 2.0 · AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 3.12% (86.2th percentile)
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
Affected
136 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dpkg | < dpkg 1.15.8.8 (bookworm) | dpkg 1.15.8.8 (bookworm) |
| debian | dpkg | <= 1.14.30 | — |
CVSS provenance
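| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | LOW | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |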
GHSA
GHSA-4qj2-qwgp-vc99: Directory traversal vulnerability in dpkg-source in dpkg before 1
ghsa_unreviewed·2022-05-17
CVE-2010-1679 [MEDIUM] CWE-22 GHSA-4qj2-qwgp-vc99: Directory traversal vulnerability in dpkg-source in dpkg before 1
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
GHSA
GHSA-ghmh-8qx5-2gfp: Directory traversal vulnerability in util
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2010-4651 [MEDIUM] CWE-22 GHSA-ghmh-8qx5-2gfp: Directory traversal vulnerability in util
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
OSV
CVE-2010-4651: Directory traversal vulnerability in util
osv·2011-03-11·CVSS 6.8
CVE-2010-4651 [MEDIUM] CVE-2010-4651: Directory traversal vulnerability in util
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
OSV
CVE-2010-1679: Directory traversal vulnerability in dpkg-source in dpkg before 1
osv·2011-01-11·CVSS 6.8
CVE-2010-1679 [MEDIUM] CVE-2010-1679: Directory traversal vulnerability in dpkg-source in dpkg before 1
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
Ubuntu
dpkg vulnerability
vendor_ubuntu·2011-01-06
CVE-2010-1679 dpkg vulnerability
Title: dpkg vulnerability
Summary: A malicious source package could write files outside the unpack directory.
Jakub Wilk and Raphael Hertzog discovered that dpkg-source did not
correctly handle certain paths and symlinks when unpacking source-format
version 3.0 packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial
of service or potentially gaining access to the system.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
patch: directory traversal flaw allows for arbitrary file creation
vendor_redhat·2010-12-30·CVSS 6.8
CVE-2010-4651 [MEDIUM] patch: directory traversal flaw allows for arbitrary file creation
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: patch (Red Hat Enterprise Linux 4) - Will not fix
Package: patch (Red Hat Enterprise Linux 5) - Will not fix
Package: patch (Red Hat Enterprise Linux 6) - Will not fix
Debian
CVE-2010-1679: dpkg - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15...
vendor_debian·2010·CVSS 6.8
CVE-2010-1679 [MEDIUM] CVE-2010-1679: dpkg - Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15...
Directory traversal vulnerability in dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted remote attackers to modify arbitrary files via directory traversal sequences in a patch for a source-format 3.0 package.
Scope: local
bookworm: resolved (fixed in 1.15.8.8)
bullseye: resolved (fixed in 1.15.8.8)
forky: resolved (fixed in 1.15.8.8)
sid: resolved (fixed in 1.15.8.8)
trixie: resolved (fixed in 1.15.8.8)
Debian
CVE-2010-4651: patch - Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allow...
vendor_debian·2010·CVSS 6.8
CVE-2010-4651 [MEDIUM] CVE-2010-4651: patch - Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allow...
Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a filename that is specified with a .. (dot dot) or full pathname, a related issue to CVE-2010-1679.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation
bugzilla·2011-01-12·CVSS 6.8
CVE-2010-1679 [MEDIUM] CVE-2010-1679 dpkg: directory traversal flaw allows for arbitrary file creation
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1679 to
the following vulnerability:
Name: CVE-2010-1679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1679
Assigned: 20100430
Reference: DEBIAN:DSA-2142
Reference: URL: http://www.debian.org/security/2011/dsa-2142
Reference: UBUNTU:USN-1038-1
Reference: URL: http://www.ubuntu.com/usn/USN-1038-1
Reference: SECUNIA:42826
Reference: URL: http://secunia.com/advisories/42826
Reference: SECUNIA:42831
Reference: URL: http://secunia.com/advisories/42831
Reference: VUPEN:ADV-2011-0040
Reference: URL: http://www.vupen.com/english/advisories/2011/0040
Reference: VUPEN:ADV-2011-0044
Reference: URL: http://www.vupen.com/english/advisories/
Bugzilla
CVE-2010-1679 CVE-2011-0402 dpkg various flaws [fedora-all]
bugzilla·2011-01-12·CVSS 6.8
CVE-2010-1679 [MEDIUM] CVE-2010-1679 CVE-2011-0402 dpkg various flaws [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=668922
Please note: this issue affects multiple supported vers
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053306.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053311.html
http://osvdb.org/70368
http://secunia.com/advisories/42826
http://secunia.com/advisories/42831
http://secunia.com/advisories/43054
http://www.debian.org/security/2011/dsa-2142
http://www.securityfocus.com/bid/45703
http://www.ubuntu.com/usn/USN-1038-1
http://www.vupen.com/english/advisories/2011/0040
http://www.vupen.com/english/advisories/2011/0044
http://www.vupen.com/english/advisories/2011/0196
https://exchange.xforce.ibmcloud.com/vulnerabilities/64615