CVE-2014-4910

Publication date 24 July 2014

Last updated 24 July 2024

Ubuntu priority

Description

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
xserver-xorg-video-intel	14.04 LTS trusty	Not in release
	13.10 saucy	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

mdeslaur

added in 2.99.911

References

MITRE
NVD
Launchpad
Debian

Other references

http://lists.x.org/archives/xorg-commit/2014-July/036840.html
http://www.openwall.com/lists/oss-security/2014/07/11
https://www.cve.org/CVERecord?id=CVE-2014-4910