Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9471

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9471
Last Modified 08 Apr 2015 10:34:25
Published 16 Jan 2015 11:59:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9471

Summary

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

Vulnerable Systems

Application

  • Gnu Coreutils


References

CONFIRM - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147

MLIST - [oss-security] 20150103 Re: parse_datetime() bug in coreutils

MLIST - [oss-security] 20141125 AW: parse_datetime() bug in coreutils

MLIST - [oss-security] 20141124 parse_datetime() bug in coreutils

UBUNTU - USN-2473-1

SECUNIA - 62226

CONFIRM - http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

MANDRIVA - MDVSA-2015:179

CONFIRM - http://advisories.mageia.org/MGASA-2015-0029.html


Last Updated: 27 May 2016 11:08:17