CVE-2014-4910

Published: Jul 24, 2014Modified: May 6, 2026

4.6

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 3.9 / Impact: 6.4

Source: NVD

Description

Directory traversal vulnerability in tools/backlight_helper.c in X.Org xf86-video-intel 2.99.911 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the interface name.

Affected (1)

Products: X: Xf86 Video Intel

1 product

Xf86 Video Intel

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
X Xf86 Video Intel	Version 2.99.911

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

http://lists.x.org/archives/xorg-commit/2014-July/036840.html

Source: cve@mitre.org

http://osvdb.org/show/osvdb/108851

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/138

Source: cve@mitre.org

http://seclists.org/oss-sec/2014/q3/39

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/94746

Source: cve@mitre.org

http://lists.x.org/archives/xorg-commit/2014-July/036840.html