Vigil@nce - GNU patch: directory traversal via symlink
January 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can transmit to the victim a malicious diff file, to
traverse directories of patch, in order to create a file outside
the current directory.
Impacted products: Unix (platform)
Severity: 2/4
Creation date: 14/01/2015
DESCRIPTION OF THE VULNERABILITY
The patch program supports patches created in Git format. The "new
file mode" syntax indicates the mode of the file to create.
However, by using a symlink mode, the patch command accepts to
escape from the current directory.
An attacker can therefore transmit to the victim a malicious diff
file, to traverse directories of patch, in order to create a file
outside the current directory.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/GNU-patch-directory-traversal-via-symlink-15968