Back to search
CVE-2014-9447
Published: Jan 2, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
62560
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20141229 CVE request: dir traversal in elfutils
mailing-list
x_refsource_MLIST
http://advisories.mageia.org/MGASA-2015-0033.html
x_refsource_CONFIRM
FEDORA-2015-0677
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-0692
vendor-advisory
x_refsource_FEDORA
62661
third-party-advisory
x_refsource_SECUNIA
MDVSA-2015:047
vendor-advisory
x_refsource_MANDRIVA
61934
third-party-advisory
x_refsource_SECUNIA
[elfutils-devel] 20141227 Directory traversal in `ar`
mailing-list
x_refsource_MLIST
71804
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now