Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2942

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2942
Last Modified 26 Nov 2012 10:48:14
Published 30 Jun 2008 04:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2942

Summary

Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

Vulnerable Systems

Application

  • Mercurial 1.0.1


References

CONFIRM - https://issues.rpath.com/browse/RPL-2633

XF - mercurial-patch-directory-traversal(43551)

CONFIRM - http://www.selenic.com/hg/rev/87c704ac92d4

BID - 30072

BUGTRAQ - 20080703 rPSA-2008-0211-1 mercurial mercurial-hgk

MLIST - [oss-security] 20080701 Re: CVE id request mercurial:Insufficient input validation

MLIST - [oss-security] 20080630 CVE id request mercurial:Insufficient input validation

CONFIRM - http://wiki.rpath.com/Advisories:rPSA-2008-0211

GENTOO - GLSA-200807-09

SECUNIA - 31110

SECUNIA - 31108

SUSE - SUSE-SR:2008:015

SECUNIA - 31167


Last Updated: 27 May 2016 10:47:22