https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/

https://sourceware.org/bugzilla/show_bug.cgi?id=22202

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5

According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - An integer wraparound has been discovered in the Binary     File Descriptor (BFD) library distributed in GNU     Binutils up to version 2.30. An attacker could cause a     crash by providing an ELF file with corrupted DWARF     debug information.(CVE-2018-7568)

  - A stack-based buffer overflow flaw was found in the way     various binutils utilities processed certain files. If     a user were tricked into processing a specially crafted     file, it could cause the utility used to process that     file to crash or, potentially, execute arbitrary code     with the privileges of the user running that     utility.(CVE-2014-8501)

  - The coff_slurp_line_table function in coffcode.h in the     Binary File Descriptor (BFD) library (aka libbfd), as     distributed in GNU Binutils 2.29.1, allows remote     attackers to cause a denial of service (invalid memory     access and application crash) or possibly have     unspecified other impact via a crafted PE     file.(CVE-2017-16826)

  - It was found that the fix for the CVE-2014-8485 issue     was incomplete: a heap-based buffer overflow in the     objdump utility could cause it to crash or,     potentially, execute arbitrary code with the privileges     of the user running objdump when processing specially     crafted files.(CVE-2014-8502)

  - A directory traversal flaw was found in the strip and     objcopy utilities. A specially crafted file could cause     strip or objdump to overwrite an arbitrary file     writable by the user running either of these     utilities.(CVE-2014-8737)

  - The bfd_section_from_shdr function in elf.c in the     Binary File Descriptor (BFD) library (aka libbfd), as     distributed in GNU Binutils 2.30, allows remote     attackers to cause a denial of service (segmentation     fault) via a large attribute section.(CVE-2018-8945)

  - In the coff_pointerize_aux function in coffgen.c in the     Binary File Descriptor (BFD) library (aka libbfd), as     distributed in GNU Binutils 2.30, an index is not     validated, which allows remote attackers to cause a     denial of service (segmentation fault) or possibly have     unspecified other impact via a crafted file, as     demonstrated by objcopy of a COFF     object.(CVE-2018-7208)

  - dwarf1.c in the Binary File Descriptor (BFD) library     (aka libbfd), as distributed in GNU Binutils 2.29,     mishandles pointers, which allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     ELF file, related to parse_die and parse_line_table, as     demonstrated by a parse_die heap-based buffer     over-read.(CVE-2017-15020)

  - A buffer overflow flaw was found in the way various     binutils utilities processed certain files. If a user     were tricked into processing a specially crafted file,     it could cause the utility used to process that file to     crash or, potentially, execute arbitrary code with the     privileges of the user running that     utility.(CVE-2014-8485)

  - An integer overflow flaw was found in the way the     strings utility processed certain files. If a user were     tricked into running the strings utility on a specially     crafted file, it could cause the strings executable to     crash.(CVE-2014-8484)

  - A heap-based buffer overflow flaw was found in the way     certain binutils utilities processed archive files. If     a user were tricked into processing a specially crafted     archive file, it could cause the utility used to     process that archive to crash or, potentially, execute     arbitrary code with the privileges of the user running     that utility.(CVE-2014-8738)

  - The swap_std_reloc_in function in aoutx.h in the Binary     File Descriptor (BFD) library (aka libbfd), as     distributed in GNU Binutils 2.30, allows remote     attackers to cause a denial of service     (aout_32_swap_std_reloc_out NULL pointer dereference     and application crash) via a crafted ELF file, as     demonstrated by objcopy.(CVE-2018-7642)

  - The display_debug_frames function in dwarf.c in GNU     Binutils 2.29.1 allows remote attackers to cause a     denial of service (integer overflow and heap-based     buffer over-read, and application crash) or possibly     have unspecified other impact via a crafted ELF file,     related to print_debug_frame.(CVE-2017-16828)

  - A stack-based buffer overflow flaw was found in the     SREC parser of the libbfd library. A specially crafted     file could cause an application using the libbfd     library to crash or, potentially, execute arbitrary     code with the privileges of the user running that     application.(CVE-2014-8504)

  - An integer wraparound has been discovered in the Binary     File Descriptor (BFD) library distributed in GNU     Binutils up to version 2.30. An attacker could cause a     crash by providing an ELF file with corrupted DWARF     debug information.(CVE-2018-7569)

  - A stack-based buffer overflow flaw was found in the way     objdump processed IHEX files. A specially crafted IHEX     file could cause objdump to crash or, potentially,     execute arbitrary code with the privileges of the user     running objdump.(CVE-2014-8503)

  - coffgen.c in the Binary File Descriptor (BFD) library     (aka libbfd), as distributed in GNU Binutils 2.29.1,     does not validate the symbol count, which allows remote     attackers to cause a denial of service (integer     overflow and application crash, or excessive memory     allocation) or possibly have unspecified other impact     via a crafted PE file.(CVE-2017-16831)

  - The aout_get_external_symbols function in aoutx.h in     the Binary File Descriptor (BFD) library (aka libbfd),     as distributed in GNU Binutils 2.29.1, allows remote     attackers to cause a denial of service (slurp_symtab     invalid free and application crash) or possibly have     unspecified other impact via a crafted ELF     file.(CVE-2017-16827)

  - The display_debug_ranges function in dwarf.c in GNU     Binutils 2.30 allows remote attackers to cause a denial     of service (integer overflow and application crash) or     possibly have unspecified other impact via a crafted     ELF file, as demonstrated by objdump.(CVE-2018-7643)

  - An issue was discovered in the Binary File Descriptor     (BFD) library (aka libbfd), as distributed in GNU     Binutils through 2.31. There is an integer overflow and     infinite loop caused by the IS_CONTAINED_BY_LMA macro     in elf.c.(CVE-2018-19932)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.

According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The process_version_sections function in readelf.c in     GNU Binutils 2.29 allows attackers to cause a denial of     service (Integer Overflow, and hang because of a     time-consuming loop) or possibly have unspecified other     impact via a crafted binary file with invalid values of     ent.vn_next, during 'readelf -a'     execution.(CVE-2017-14333)

  - dwarf1.c in the Binary File Descriptor (BFD) library     (aka libbfd), as distributed in GNU Binutils 2.29,     mishandles pointers, which allows remote attackers to     cause a denial of service (application crash) or     possibly have unspecified other impact via a crafted     ELF file, related to parse_die and parse_line_table, as     demonstrated by a parse_die heap-based buffer     over-read.(CVE-2017-15020)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124934	EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431)	Nessus	Huawei Local Security Checks	high
111887	Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)	Nessus	PhotonOS Local Security Checks	high
104332	EulerOS 2.0 SP2 : binutils (EulerOS-SA-2017-1279)	Nessus	Huawei Local Security Checks	medium
104331	EulerOS 2.0 SP1 : binutils (EulerOS-SA-2017-1278)	Nessus	Huawei Local Security Checks	medium

CVE-2017-15020

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins