Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://www.selenic.com/hg/rev/87c704ac92d4 | exploit |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/43551 | vdb entry |
| http://www.securityfocus.com/bid/30072 | vdb entry |
| https://issues.rpath.com/browse/RPL-2633 | |
| http://www.openwall.com/lists/oss-security/2008/06/30/1 | mailing list |
| http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html | vendor advisory |
| http://wiki.rpath.com/Advisories:rPSA-2008-0211 | |
| http://www.securityfocus.com/archive/1/493881/100/0/threaded | mailing list |
| http://security.gentoo.org/glsa/glsa-200807-09.xml | vendor advisory |
| http://www.openwall.com/lists/oss-security/2008/07/01/1 | mailing list |
| http://secunia.com/advisories/31110 | third party advisory |
| http://secunia.com/advisories/31167 | third party advisory |
| http://secunia.com/advisories/31108 | third party advisory |