PT-2015-4210 · Red Hat+3 · Elfutils+3

Published: 2015-01-02 · Updated: 2024-06-15 · CVE-2014-9447

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

elfutils versions 0.152 through 0.161

Description

The issue allows remote attackers to write to arbitrary files in the root directory via a crafted archive. This is achieved by exploiting a directory traversal vulnerability in the read_long_names function. The vulnerability can be demonstrated using the ar program.

Recommendations

For elfutils versions 0.152 through 0.161, consider restricting access to the read_long_names function in libelf/elf_begin.c until a patch is available. As a temporary workaround, avoid using the ar program with untrusted archives.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2015-2001
CVE-2014-9447
MGASA-2015-0033
OPENSUSE-SU-2024:10570-1
SUSE-SU-2015:0292-1
SUSE-SU-2015:0434-1
SUSE-SU-2015_0292-1
SUSE-SU-2015_0434-1
USN-2482-1

Affected Products

Alt Linux
Suse
Ubuntu
Elfutils