Candidate: CVE-2014-7951
PublicDate: 2020-02-20 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7951
 http://packetstormsecurity.com/files/131510/ADB-Backup-Traversal-File-Overwrite.html
 http://seclists.org/fulldisclosure/2015/Apr/51
 https://android.googlesource.com/platform/frameworks/base/+/7bc601d%5E!/#F0
 https://www.exploit-db.com/exploits/36813/
Description:
 Directory traversal vulnerability in the Android debug bridge (aka adb) in
 Android 4.0.4 allows physically proximate attackers with a direct
 connection to the target Android device to write to arbitrary files owned
 by system via a .. (dot dot) in the tar archive headers.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [4.6 MEDIUM]


Patches_android-framework-23:
upstream_android-framework-23: released (6.0.1+72-5)
precise/esm_android-framework-23: DNE
trusty_android-framework-23: ignored (out of standard support)
trusty/esm_android-framework-23: DNE
xenial_android-framework-23: DNE
bionic_android-framework-23: not-affected (6.0.1+72-5)
eoan_android-framework-23: not-affected (6.0.1+72-5)
devel_android-framework-23: not-affected (6.0.1+72-5)