Lucene search

K

Ubuntu.comUB:CVE-2014-9471

HistoryDec 31, 2014 - 12:00 a.m.

CVE-2014-9471

2014-12-3100:00:00

ubuntu.com

ubuntu.com

11

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

The parse_datetime function in GNU coreutils allows remote attackers to
cause a denial of service (crash) or possibly execute arbitrary code via a
crafted date string, as demonstrated by the “–date=TZ=“123"345” @1” string
to the touch or date command.

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchcoreutils< 7.4-2ubuntu3.1UNKNOWN
ubuntu12.04noarchcoreutils< 8.13-3ubuntu3.3UNKNOWN
ubuntu14.04noarchcoreutils< 8.21-1ubuntu5.1UNKNOWN

References

debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872

debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872

launchpad.net/bugs/cve/CVE-2014-9471

nvd.nist.gov/vuln/detail/CVE-2014-9471

security-tracker.debian.org/tracker/CVE-2014-9471

ubuntu.com/security/notices/USN-2473-1

www.cve.org/CVERecord?id=CVE-2014-9471

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

87.9%

Related for UB:CVE-2014-9471

nessus4 cve1 openvas3 mageia1 securityvulns2 debiancve1 gentoo1 prion1 ubuntu1 ibm1