exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2014-9447

Status Candidate

Overview

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Related Files

Mandriva Linux Security Advisory 2015-104
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-104 - The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-0172, CVE-2014-9447
SHA-256 | 2dc0f5478ae8a0416760b54f46eda2b4b9a524956ed6d38ef3797a37480e1da1
Mandriva Linux Security Advisory 2015-047
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-047 - Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-9447
SHA-256 | 72bdd7da941cefc3fb4d3fcab073210f54c6225dc876df7b77489666a6946e4f
Ubuntu Security Notice USN-2482-1
Posted Jan 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2482-1 - Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.

tags | advisory, root
systems | linux, ubuntu
advisories | CVE-2014-9447
SHA-256 | 0501eb5ac15bf63c79698d578fb24ba1292e1cb67bffeeaf249be1b94aca86dd
Page 1 of 1
Back1Next

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    0 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    0 Files
  • 6
    Sep 6th
    0 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    0 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close