exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

CVE-2014-9447

Status Candidate

Overview

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Related Files

Mandriva Linux Security Advisory 2015-104
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-104 - The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, overflow, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-0172, CVE-2014-9447
SHA-256 | 2dc0f5478ae8a0416760b54f46eda2b4b9a524956ed6d38ef3797a37480e1da1
Mandriva Linux Security Advisory 2015-047
Posted Feb 12, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-047 - Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / in a crafted archive, as demonstrated using the ar program.

tags | advisory, remote, arbitrary, root
systems | linux, mandriva
advisories | CVE-2014-9447
SHA-256 | 72bdd7da941cefc3fb4d3fcab073210f54c6225dc876df7b77489666a6946e4f
Ubuntu Security Notice USN-2482-1
Posted Jan 23, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2482-1 - Alexander Cherepanov discovered that libelf1 incorrectly handled certain filesystem paths while extracting ar archives. An attacker could use this flaw to perform a directory traversal attack on the root directory if the process extracting the ar archive has write access to the root directory.

tags | advisory, root
systems | linux, ubuntu
advisories | CVE-2014-9447
SHA-256 | 0501eb5ac15bf63c79698d578fb24ba1292e1cb67bffeeaf249be1b94aca86dd
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close