[arch-security] [ASA-201503-3] lib32-elfutils: directory traversal
Levente Polyak
anthraxx at archlinux.org
Mon Mar 2 21:56:06 UTC 2015
Arch Linux Security Advisory ASA-201503-3
=========================================
Severity: Medium
Date : 2015-03-02
CVE-ID : CVE-2014-9447
Package : lib32-elfutils
Type : directory traversal
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package lib32-elfutils before version 0.161-2 is vulnerable to
directory traversal.
Resolution
==========
Upgrade to 0.161-2.
# pacman -Syu "lib32-elfutils>=0.161-2"
The problem has been fixed upstream but no release is available yet.
Workaround
==========
None.
Description
===========
Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c allows remote attackers to write to arbitrary files
to the root directory via a / (slash) in a crafted archive, as
demonstrated using the ar program.
Impact
======
A remote attacker is able to use a specially crafted archive to write to
arbitrary files to the root directory.
References
==========
http://www.openwall.com/lists/oss-security/2014/12/29/2
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447
https://bugs.archlinux.org/task/44020
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20150302/f6d3854b/attachment.asc>
More information about the arch-security
mailing list