CVE-2014-8737
CVE-2014-8737
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar.
Produtos afetados
n/a · n/aQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1162655http://secunia.com/advisories/62241http://secunia.com/advisories/62746https://security.gentoo.org/glsa/201612-24https://sourceware.org/bugzilla/show_bug.cgi?id=17533