PT-2014-9011 · Gnu+3 · Gnu Coreutils+3

Fiedler Roman

Published

2014-12-31

Updated

2020-12-08

CVE-2014-9471

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GNU coreutils (affected versions not specified)

Description The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted date string. This can be achieved by providing a specifically crafted string, such as "--date=TZ="123"345" @1", to the touch or date command.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2015-1847

CVE-2014-9471

MGASA-2015-0029

SUSE-SU-2015:0792-1

SUSE-SU-2015_0792-1

USN-2473-1

Affected Products

Alt Linux

Gnu Coreutils

Suse

Ubuntu

PT-2014-9011 · Gnu+3 · Gnu Coreutils+3

CVE-2014-9471

Related Identifiers

Affected Products

References · 38