Lucene search
UbuntuUSN-2482-1HistoryJan 23, 2015 - 12:00 a.m.
elfutils vulnerability
2015-01-2300:00:00
ubuntu.com
42
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.007
Percentile
80.5%
Releases
- Ubuntu 14.10
- Ubuntu 14.04 ESM
- Ubuntu 12.04
- Ubuntu 10.04
Packages
- elfutils - collection of utilities to handle ELF objects
Details
Alexander Cherepanov discovered that libelf1 incorrectly handled certain
filesystem paths while extracting ar archives. An attacker could use this flaw
to perform a directory traversal attack on the root directory if the process
extracting the ar archive has write access to the root directory.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 14.10 | noarch | libelf1 | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | elfutils | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libasm-dev | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libasm1 | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libdw-dev | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libdw1 | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.10 | noarch | libelf-dev | < 0.160-0ubuntu2.1 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libelf1 | < 0.158-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 14.04 | noarch | elfutils | < 0.158-0ubuntu5.2 | UNKNOWN |
| Ubuntu | 14.04 | noarch | libasm-dev | < 0.158-0ubuntu5.2 | UNKNOWN |
References
Related
mageia
mageia
Updated elfutils packages fix CVE-2014-9447
2015-01-20 17:57:33
securityvulns
securityvulns
[USN-2482-1] elfutils vulnerability
2015-01-25 00:00:00
elfutils directory traversal
2015-01-25 00:00:00
nessus
nessus
SuSE 11.3 Security Update : elfutils (SAT Patch Number 10328)
2015-03-06 00:00:00
Mandriva Linux Security Advisory : elfutils (MDVSA-2015:047)
2015-02-13 00:00:00
Fedora 21 : elfutils-0.161-2.fc21 (2015-0692)
2015-01-20 00:00:00
veracode
veracode
Arbitrary File Write
2019-01-15 09:04:00
fedora
fedora
[SECURITY] Fedora 21 Update: elfutils-0.161-2.fc21
2015-01-19 01:34:58
[SECURITY] Fedora 21 Update: elfutils-0.163-1.fc21
2015-07-29 01:35:53
[SECURITY] Fedora 20 Update: elfutils-0.161-2.fc20
2015-01-20 20:59:07
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0292-1)
2021-04-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2015:0434-1)
2021-06-09 00:00:00
Fedora Update for elfutils FEDORA-2015-11380
2015-07-30 00:00:00
debiancve
debiancve
CVE-2014-9447
2015-01-02 20:59:06
ubuntucve
ubuntucve
CVE-2014-9447
2015-01-02 00:00:00
prion
prion
Directory traversal
2015-01-02 20:59:00
Design/Logic Flaw
2015-01-07 15:59:00
nvd
nvd
CVE-2014-9447
2015-01-02 20:59:06
CVE-2014-9486
2015-01-07 15:59:00
archlinux
archlinux
lib32-elfutils: directory traversal
2015-03-02 00:00:00
elfutils: directory traversal
2015-03-02 00:00:00
cvelist
cvelist
CVE-2014-9447
2015-01-02 20:00:00
cve
cve
CVE-2014-9447
2015-01-02 20:59:06
CVE-2014-9486
2015-01-07 15:59:00
osv
osv
elfutils-0.167-1.5 on GA media
2024-06-15 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0.007
Percentile
80.5%
Related for USN-2482-1