Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2014-9447
Last Modified: 17 Apr 2015 09:59:42
Published: 02 Jan 2015 03:59:06
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-9447

Summary

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Vulnerable Systems

Application

  • Elfutils Project Elfutils 0.152

  • Elfutils Project Elfutils 0.161


References

MLIST - [elfutils-devel] 20141227 Directory traversal in `ar`

CONFIRM - https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

BID - 71804

MLIST - [oss-security] 20141229 CVE request: dir traversal in elfutils

SECUNIA - 61934

SECUNIA - 62661

SECUNIA - 62560

MANDRIVA - MDVSA-2015:047

CONFIRM - http://advisories.mageia.org/MGASA-2015-0033.html

FEDORA - FEDORA-2015-0677

FEDORA - FEDORA-2015-0692


Last Updated: 27 May 2016 11:08:32