Lucene search

K

MitreCVELIST:CVE-2014-9447

HistoryJan 02, 2015 - 8:00 p.m.

CVE-2014-9447

2015-01-0220:00:00

mitre

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.3%

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

References

advisories.mageia.org/MGASA-2015-0033.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148321.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148326.html

secunia.com/advisories/61934

secunia.com/advisories/62560

secunia.com/advisories/62661

www.mandriva.com/security/advisories?name=MDVSA-2015:047

www.openwall.com/lists/oss-security/2014/12/29/2

www.securityfocus.com/bid/71804

git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html

6.4 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.3%

Related for CVELIST:CVE-2014-9447

nessus8 mageia1 securityvulns2 veracode1 fedora3 openvas7 debiancve1 ubuntucve1 prion2 nvd2 ubuntu1 cve2 archlinux2