PT-2015-4210 · Red Hat+3 · Elfutils+3

Published: 2015-01-02 · Updated: 2024-06-15 · CVE-2014-9447

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: elfutils versions 0.152 through 0.161

Description: The issue allows remote attackers to write to arbitrary files in the root directory via a crafted archive. This is achieved by exploiting a directory traversal vulnerability in the `read_long_names` function. The vulnerability can be demonstrated using the `ar` program.

Recommendations: For elfutils versions 0.152 through 0.161, consider restricting access to the `read_long_names` function in `libelf/elf_begin.c` until a patch is available. As a temporary workaround, avoid using the `ar` program with untrusted archives.
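
A pre-check in the spirit of the workaround above, as an added example (not elfutils code and not part of the original advisory): it lists the member names of a GNU-format `ar` archive, resolving the long-name table, and reports any name that is not a plain file name. The function names and the sample archive are constructed for illustration.

```python
AR_MAGIC = b"!<arch>\n"
HDR_LEN = 60  # ar member header: name[16] date[12] uid[6] gid[6] mode[8] size[10] "`\n"

def member_names(data):
    """Return every member name in a GNU-format ar archive, long names resolved."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    names, longtab, pos = [], b"", len(AR_MAGIC)
    while pos + HDR_LEN <= len(data):
        hdr = data[pos:pos + HDR_LEN]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        raw = hdr[:16].rstrip(b" ")
        size = int(hdr[48:58].decode("ascii"))
        if size < 0:
            raise ValueError("negative member size")
        body = data[pos + HDR_LEN:pos + HDR_LEN + size]
        if raw == b"//":                               # long-name table member
            longtab = body
        elif raw in (b"/", b"/SYM64/"):                # symbol index, not a file
            pass
        elif raw[:1] == b"/" and raw[1:].isdigit():    # "/<offset>" into the table
            off = int(raw[1:])
            end = longtab.find(b"/\n", off)            # entries end with "/\n"
            if off >= len(longtab) or end < 0:
                raise ValueError("long-name offset outside table")
            names.append(longtab[off:end])
        else:                                          # short name stored as "name/"
            names.append(raw[:-1] if raw.endswith(b"/") else raw)
        pos += HDR_LEN + size + (size & 1)             # bodies are 2-byte aligned
    return names

def unsafe_names(data):
    """Names that are not plain file names: any slash, or empty, '.' or '..'."""
    return [n for n in member_names(data) if b"/" in n or n in (b"", b".", b"..")]

def _member(name, body):  # builds one member of the constructed sample archive
    hdr = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (name, b"0", b"0", b"0", b"644", len(body))
    return hdr + body + (b"\n" if len(body) & 1 else b"")

# Constructed sample archive: two long-name members and one short-name member.
_first = b"a_long_member_name.o/\n"
_table = _first + b"../constructed/name.o/\n"
SAMPLE = (AR_MAGIC + _member(b"//", _table) + _member(b"/0", b"x")
          + _member(b"/%d" % len(_first), b"y") + _member(b"ok.o/", b"zz"))

if __name__ == "__main__":
    print(unsafe_names(SAMPLE))
```

An archive for which `unsafe_names` returns a non-empty list should be rejected before it is handed to `ar`.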

Fix

Path traversal


Weakness Enumeration

Related identifiers

ALT-PU-2015-2001
CVE-2014-9447
MGASA-2015-0033
OPENSUSE-SU-2024:10570-1
SUSE-SU-2015:0292-1
SUSE-SU-2015:0434-1
SUSE-SU-2015_0292-1
SUSE-SU-2015_0434-1
USN-2482-1

Affected products

Alt Linux
Suse
Ubuntu
Elfutils