Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
Reference (s):
- BID:71804
- URL: http://www.securityfocus.com/bid/71804
- http://advisories.mageia.org/MGASA-2015-0033.html
- https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
- FEDORA:FEDORA-2015-0677