First published: Tue Nov 11 2014(Updated: )
Directory traversal vulnerability allowing random files deleteion/creation was reported [1] in binutils. Upstream patch is in [2]. Reproducer is available in <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=17552#c0">https://sourceware.org/bugzilla/show_bug.cgi?id=17552#c0</a> [1]: <a href="https://sourceware.org/bugzilla/show_bug.cgi?id=17552">https://sourceware.org/bugzilla/show_bug.cgi?id=17552</a> [2]: <a href="https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42">https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42</a>
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
GNU Binutils | <=2.24 | |
Fedoraproject Fedora | =19 | |
Fedoraproject Fedora | =20 | |
Fedoraproject Fedora | =21 | |
redhat/binutils | <2.25 | 2.25 |
debian/binutils | 2.35.2-2 2.40-2 2.43.50.20241215-1 | |
debian/binutils-mingw-w64 | 8.11 10.4 12 |
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2014-8737.
CVE-2014-8737 has a severity level of medium.
The affected software is GNU binutils version 2.24 and earlier.
Local users can delete arbitrary files or create arbitrary files by using directory traversal techniques in GNU binutils.
You can find more information about CVE-2014-8737 at the following references: [Link 1](http://www.openwall.com/lists/oss-security/2014/11/13/1), [Link 2](https://bugzilla.redhat.com/show_bug.cgi?id=1162655), [Link 3](https://sourceware.org/bugzilla/show_bug.cgi?id=17533).