Lucene search

PRIOn knowledge basePRION:CVE-2014-9447

HistoryJan 02, 2015 - 8:59 p.m.

Directory traversal

2015-01-0220:59:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%

JSON

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

CPENameOperatorVersion
elfutilseq0.152
elfutilseq0.161

CPE	Name	Operator	Version
	elfutils	eq	0.152
	elfutils	eq	0.161

References

advisories.mageia.org/MGASA-2015-0033.html

secunia.com/advisories/61934

secunia.com/advisories/62560

secunia.com/advisories/62661

www.mandriva.com/security/advisories?name=MDVSA-2015:047

www.openwall.com/lists/oss-security/2014/12/29/2

www.securityfocus.com/bid/71804

git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148321.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148326.html

6.8 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.009 Low

EPSS

Percentile

83.2%

JSON

Related for PRION:CVE-2014-9447