ALT-PU-2015-2001-1
Closed vulnerabilities
Published: 2015-01-02
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-9447
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Severity: MEDIUM (6.4)
References:
- http://advisories.mageia.org/MGASA-2015-0033.html
- http://advisories.mageia.org/MGASA-2015-0033.html
- FEDORA-2015-0692
- FEDORA-2015-0692
- FEDORA-2015-0677
- FEDORA-2015-0677
- 61934
- 61934
- 62560
- 62560
- 62661
- 62661
- MDVSA-2015:047
- MDVSA-2015:047
- [oss-security] 20141229 CVE request: dir traversal in elfutils
- [oss-security] 20141229 CVE request: dir traversal in elfutils
- 71804
- 71804
- https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
- https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
- [elfutils-devel] 20141227 Directory traversal in `ar`
- [elfutils-devel] 20141227 Directory traversal in `ar`