Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2014-9471HistoryJan 16, 2015 - 4:59 p.m.
CVE-2014-9471
2015-01-1616:59:08
Debian Security Bug Tracker
security-tracker.debian.org
13
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.014
Percentile
86.7%
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the “–date=TZ=“123"345” @1” string to the touch or date command.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | coreutils | < 8.23-1 | coreutils_8.23-1_all.deb |
| Debian | 11 | all | coreutils | < 8.23-1 | coreutils_8.23-1_all.deb |
| Debian | 999 | all | coreutils | < 8.23-1 | coreutils_8.23-1_all.deb |
| Debian | 13 | all | coreutils | < 8.23-1 | coreutils_8.23-1_all.deb |
Related
securityvulns
securityvulns
GNU coreutils memory corruption
2015-01-19 00:00:00
[USN-2473-1] coreutils vulnerabilities
2015-01-19 00:00:00
nessus
nessus
SuSE 11.3 Security Update : coreutils (SAT Patch Number 10620)
2015-04-29 00:00:00
GLSA-201612-22 : Coreutils: Arbitrary code execution
2016-12-08 00:00:00
Mandriva Linux Security Advisory : coreutils (MDVSA-2015:179)
2015-03-31 00:00:00
cvelist
cvelist
CVE-2014-9471
2015-01-16 16:00:00
cve
cve
CVE-2014-9471
2015-01-16 16:59:08
gentoo
gentoo
Coreutils: Arbitrary code execution
2016-12-08 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2015:0792-1)
2021-06-09 00:00:00
Mageia: Security Advisory (MGASA-2015-0029)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-2473-1)
2015-01-23 00:00:00
mageia
mageia
Updated coreutils packages fix CVE-2014-9471
2015-01-19 19:47:36
prion
prion
Command injection
2015-01-16 16:59:00
nvd
nvd
CVE-2014-9471
2015-01-16 16:59:08
ubuntucve
ubuntucve
CVE-2014-9471
2014-12-31 00:00:00
ubuntu
ubuntu
coreutils vulnerabilities
2015-01-14 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:20:21
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
0.014
Percentile
86.7%
Related for DEBIANCVE:CVE-2014-9471