Lucene search

Veracode Vulnerability DatabaseVERACODE:11567

HistoryJan 15, 2019 - 9:04 a.m.

Arbitrary File Write

2019-01-1509:04:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.009 Low

EPSS

Percentile

83.3%

JSON

elfutils is vulnerable to arbitrary file write attacks. The vulnerability exists as a directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

CPENameOperatorVersion
elfutilseq0.152__1.el6
elfutilseq0.158__3.2.el6
elfutilseq0.148__1.el6

Name	Operator	Version
elfutils	eq	0.152__1.el6
elfutils	eq	0.158__3.2.el6
elfutils	eq	0.148__1.el6

References

advisories.mageia.org/MGASA-2015-0033.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148321.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148326.html

secunia.com/advisories/61934

secunia.com/advisories/62560

secunia.com/advisories/62661

www.mandriva.com/security/advisories?name=MDVSA-2015:047

www.openwall.com/lists/oss-security/2014/12/29/2

www.securityfocus.com/bid/71804

access.redhat.com/errata/RHEA-2015:1302

access.redhat.com/security/cve/CVE-2014-9447

bugzilla.redhat.com/show_bug.cgi?id=1167724

git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html

0.009 Low

EPSS

Percentile

83.3%

JSON

Related for VERACODE:11567