Описание
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Developer Toolset 2.1 | devtoolset-2-elfutils | Will not fix | ||
| Red Hat Enterprise Linux 5 | elfutils | Will not fix | ||
| Red Hat Enterprise Linux 6 | elfutils | Fixed | RHEA-2015:1302 | 20.07.2015 |
| Red Hat Enterprise Linux 7 | elfutils | Fixed | RHEA-2015:2126 | 19.11.2015 |
Показывать по
Дополнительная информация
Статус:
2.1 Low
CVSS2
Связанные уязвимости
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Directory traversal vulnerability in the read_long_names function in l ...
2.1 Low
CVSS2