CVE-2014-8737

LOW

Description

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

References

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html

http://secunia.com/advisories/62241

http://secunia.com/advisories/62746

http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

http://www.openwall.com/lists/oss-security/2014/11/13/1

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

http://www.securityfocus.com/bid/70908

http://www.ubuntu.com/usn/USN-2496-1

https://bugzilla.redhat.com/show_bug.cgi?id=1162655

https://security.gentoo.org/glsa/201612-24

https://sourceware.org/bugzilla/show_bug.cgi?id=17533

https://sourceware.org/bugzilla/show_bug.cgi?id=17552

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

Details

Source: MITRE

Published: 2014-12-09

Updated: 2017-07-01

Type: CWE-22

Risk Information

CVSS v2

Base Score: 3.6

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Impact Score: 4.9

Exploitability Score: 3.9

Severity: LOW

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 124934 | EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431) | Nessus | Huawei Local Security Checks | high |
| 95640 | GLSA-201612-24 : Binutils: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 87550 | Scientific Linux Security Update : binutils on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | high |
| 87346 | Amazon Linux AMI : binutils (ALAS-2015-620) | Nessus | Amazon Linux Local Security Checks | high |
| 87127 | CentOS 7 : binutils (CESA-2015:2079) | Nessus | CentOS Local Security Checks | high |
| 87018 | Oracle Linux 7 : binutils (ELSA-2015-2079) | Nessus | Oracle Linux Local Security Checks | high |
| 86928 | RHEL 7 : binutils (RHSA-2015:2079) | Nessus | Red Hat Local Security Checks | high |
| 82301 | Debian DLA-184-1 : binutils security update | Nessus | Debian Local Security Checks | high |
| 81255 | Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1) | Nessus | Ubuntu Local Security Checks | high |
| 81195 | Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1) | Nessus | Mandriva Local Security Checks | high |
| 81076 | SuSE 11.3 Security Update : binutils (SAT Patch Number 10214) | Nessus | SuSE Local Security Checks | high |
| 80897 | Fedora 21 : binutils-2.24-30.fc21 (2015-0750) | Nessus | Fedora Local Security Checks | medium |
| 80894 | Fedora 20 : cross-binutils-2.25-3.fc20 (2015-0471) | Nessus | Fedora Local Security Checks | high |
| 80444 | Debian DSA-3123-1 : binutils - security update | Nessus | Debian Local Security Checks | high |
| 80326 | Fedora 20 : mingw-binutils-2.24-5.fc20 (2014-17603) | Nessus | Fedora Local Security Checks | high |
| 80321 | Fedora 21 : mingw-binutils-2.25-1.fc21 (2014-17586) | Nessus | Fedora Local Security Checks | high |
| 79766 | Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995) | Nessus | Fedora Local Security Checks | high |
| 79765 | Fedora 21 : arm-none-eabi-binutils-cs-2014.05.28-3.fc21 (2014-14888) | Nessus | Fedora Local Security Checks | high |
| 79764 | Fedora 19 : arm-none-eabi-binutils-cs-2014.05.28-3.fc19 (2014-14874) | Nessus | Fedora Local Security Checks | high |
| 79763 | Fedora 19 : avr-binutils-2.24-3.fc19 (2014-14838) | Nessus | Fedora Local Security Checks | high |
| 79748 | Fedora 20 : avr-binutils-2.24-3.fc20 (2014-14963) | Nessus | Fedora Local Security Checks | high |
| 79747 | Fedora 20 : arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (2014-14833) | Nessus | Fedora Local Security Checks | high |