Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple vulnerabilities has been found and corrected in binutils :

Multiple integer overflows in the (1) _objalloc_alloc function in
objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
libiberty, as used by binutils 2.22, allow remote attackers to cause a
denial of service (crash) via vectors related to the addition of
CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before
2.25 allows remote attackers to cause a denial of service
(out-of-bounds read) via a small S-record (CVE-2014-8484).

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24
and earlier allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via crafted section group
headers in an ELF file (CVE-2014-8485).

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) and possibly have other unspecified
impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a
PE executable (CVE-2014-8501).

Heap-based buffer overflow in the pe_print_edata function in
bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote
attackers to cause a denial of service (crash) and possibly have other
unspecified impact via a truncated export table in a PE file
(CVE-2014-8502).

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in
GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted ihex file (CVE-2014-8503).

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in
GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted file (CVE-2014-8504).

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and
earlier allow local users to delete arbitrary files via a .. (dot dot)
or full path name in an archive to (1) strip or (2) objcopy or create
arbitrary files via (3) a .. (dot dot) or full path name in an archive
to ar (CVE-2014-8737).

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (invalid write, segmentation fault, and crash) via a crafted
extended name table in an archive (CVE-2014-8738).

The updated packages provides a solution for these security issues.

Solution :

Update the affected binutils and / or lib64binutils-devel packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now