Vulnerability Details: CVE-2014-4910
Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.
Vulnerability category: Directory traversal
Products affected by CVE-2014-4910
- cpe:2.3:a:x:xf86-video-intel:2.99.911:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-4910
- 0.30%: Probability of exploitation activity in the next 30 days
- ~53%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-4910
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
CWE ids for CVE-2014-4910
- The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4910
- http://lists.x.org/archives/xorg-commit/2014-July/036840.html
  xf86-video-intel: tools/backlight_helper.c
- http://seclists.org/oss-sec/2014/q3/138
  oss-sec: Re: X.Org intel driver dev snapshots, backlight helper issue
- http://osvdb.org/show/osvdb/108851
- http://seclists.org/oss-sec/2014/q3/39
  oss-sec: X.Org intel driver dev snapshots, backlight helper issue
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94746
  X.Org xf86-video-intel video driver tools/backlight_helper.c directory traversal CVE-2014-4910 Vulnerability Report