Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31644
HistoryJan 25, 2015 - 12:00 a.m.

[USN-2482-1] elfutils vulnerability

2015-01-2500:00:00
vulners.com
25
JSON

==========================================================================
Ubuntu Security Notice USN-2482-1
January 23, 2015

elfutils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 14.10
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS
  • Ubuntu 10.04 LTS

Summary:

elfutils could be made to overwrite files in the root directory if it received
a specially crafted file.

Software Description:

  • elfutils: collection of utilities to handle ELF objects

Details:

Alexander Cherepanov discovered that libelf1 incorrectly handled certain
filesystem paths while extracting ar archives. An attacker could use this flaw
to perform a directory traversal attack on the root directory if the process
extracting the ar archive has write access to the root directory.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.10:
libelf1 0.160-0ubuntu2.1

Ubuntu 14.04 LTS:
libelf1 0.158-0ubuntu5.2

Ubuntu 12.04 LTS:
libelf1 0.152-1ubuntu3.1

Ubuntu 10.04 LTS:
libelf1 0.143-1ubuntu0.1

After a standard system update you need to restart applications using libelf1
to make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2482-1
CVE-2014-9447

Package Information:
https://launchpad.net/ubuntu/+source/elfutils/0.160-0ubuntu2.1
https://launchpad.net/ubuntu/+source/elfutils/0.158-0ubuntu5.2
https://launchpad.net/ubuntu/+source/elfutils/0.152-1ubuntu3.1
https://launchpad.net/ubuntu/+source/elfutils/0.143-1ubuntu0.1

– ubuntu-security-announce mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Related

fedora 3
nessus 7
debiancve 1
veracode 1
mageia 1
openvas 4
prion 2
ubuntucve 1
ubuntu 1
archlinux 2
cve 2
securityvulns 1
fedora
fedora
[SECURITY] Fedora 21 Update: elfutils-0.161-2.fc21
2015-01-19 01:34:58
[SECURITY] Fedora 21 Update: elfutils-0.163-1.fc21
2015-07-29 01:35:53
[SECURITY] Fedora 20 Update: elfutils-0.161-2.fc20
2015-01-20 20:59:07
nessus
nessus
Fedora 21 : elfutils-0.161-2.fc21 (2015-0692)
2015-01-20 00:00:00
SuSE 11.3 Security Update : elfutils (SAT Patch Number 10328)
2015-03-06 00:00:00
Mandriva Linux Security Advisory : elfutils (MDVSA-2015:047)
2015-02-13 00:00:00
debiancve
debiancve
CVE-2014-9447
2015-01-02 20:59:00
veracode
veracode
Arbitrary File Write
2019-01-15 09:04:00
mageia
mageia
Updated elfutils packages fix CVE-2014-9447
2015-01-20 17:57:33
openvas
openvas
Ubuntu Update for elfutils USN-2482-1
2015-01-23 00:00:00
Fedora Update for elfutils FEDORA-2015-11380
2015-07-30 00:00:00
Fedora Update for elfutils FEDORA-2015-0692
2015-01-19 00:00:00
prion
prion
Directory traversal
2015-01-02 20:59:00
Design/Logic Flaw
2015-01-07 15:59:00
ubuntucve
ubuntucve
CVE-2014-9447
2015-01-02 00:00:00
ubuntu
ubuntu
elfutils vulnerability
2015-01-23 00:00:00
archlinux
archlinux
lib32-elfutils: directory traversal
2015-03-02 00:00:00
elfutils: directory traversal
2015-03-02 00:00:00
cve
cve
CVE-2014-9447
2015-01-02 20:59:00
CVE-2014-9486
2015-01-07 15:59:00
securityvulns
securityvulns
elfutils directory traversal
2015-01-25 00:00:00
JSON
Related for SECURITYVULNS:DOC:31644
fedora3nessus7debiancve1veracode1mageia1openvas4prion2ubuntucve1ubuntu1archlinux2cve2securityvulns1