Published: 16/01/2015 Updated: 08/12/2020

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The parse_datetime function in GNU coreutils allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu coreutils
canonical ubuntu linux 10.04
canonical ubuntu linux 12.04
canonical ubuntu linux 14.04

date and touch could be made to crash or run programs if they handled specially crafted input ...

The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=TZ="123"345" @1" string to the touch or date command ...

Menu Log in ...

NVD-CWE-noinfo http://www.openwall.com/lists/oss-security/2014/11/25/4 http://www.openwall.com/lists/oss-security/2015/01/03/11 http://secunia.com/advisories/62226 http://ubuntu.com/usn/usn-2473-1 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766147 http://www.openwall.com/lists/oss-security/2014/11/25/1 http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872 http://advisories.mageia.org/MGASA-2015-0029.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:179 https://security.gentoo.org/glsa/201612-22 https://usn.ubuntu.com/2473-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2014-9471

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-9471

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect