CVE-2014-9447 (retired)

Priority
Description
Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to
write to arbitrary files to the root directory via a / (slash) in a crafted
archive, as demonstrated using the ar program.
Notes
 tyhicks> Directory traversal is restricted to the root directory
Assigned-to
tyhicks
Package
Upstream:released (0.159-4.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (0.158-0ubuntu5.2)
More Information

Updated: 2019-03-26 12:13:51 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)