Published: 09/12/2014 Updated: 07/11/2023

CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9

VMScore: 320

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and previous versions allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.

Vulnerable Product	Search on Vulmon	Subscribe to Product
canonical ubuntu linux 12.04
canonical ubuntu linux 14.10
canonical ubuntu linux 14.04
canonical ubuntu linux 10.04
gnu binutils
fedoraproject fedora 20
fedoraproject fedora 21
fedoraproject fedora 19

Synopsis Moderate: binutils security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic Updated binutils packages that fix multiple security issues, several bugs,and add various enhancements are now available for Red Hat EnterpriseLinux 7Red Hat Product Security has rated this ...

Applications from GNU binutils could be made to crash, run programs, or delete arbitrary files as your login if they opened a specially crafted file ...

Multiple security issues have been found in binutils, a toolbox for binary file manipulation These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service For ...

A directory traversal flaw was found in the strip and objcopy utilities A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities A buffer overflow flaw was found in the way various binutils utilities processed certain files If a user were tricked into processing a ...

A directory traversal flaw was found in the strip and objcopy utilities A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities ...

CWE-22 https://sourceware.org/bugzilla/show_bug.cgi?id=17533 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html https://bugzilla.redhat.com/show_bug.cgi?id=1162655 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html https://sourceware.org/bugzilla/show_bug.cgi?id=17552 http://www.openwall.com/lists/oss-security/2014/11/13/1 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://www.securityfocus.com/bid/70908 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html https://security.gentoo.org/glsa/201612-24 https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=dd9b91de2149ee81d47f708e7b0bbf57da10ad42 https://access.redhat.com/errata/RHSA-2015:2079 https://usn.ubuntu.com/2496-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-8737

CVE-2014-8737

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect