VDB

GCVE-110-MAGEIA-2015-33

GCVE-110-MAGEIA-2015-33
Advisory Published
Vulnetix · Advisory published January 20, 2015
Updated elfutils packages fix security vulnerability: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (CVE-2014-9447).

Affected Products

VendorProductVersionsPlatforms
Mageiaisodumper0 (affected), 0.41-1.mga4 (unaffected)
Mageiaelfutils0 (affected), 0.157-3.2.mga4 (unaffected), 0 (affected), 0.157-3.2.mga4 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›