Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1)

Ubuntu Security Notice (C) 2015-2016 Canonical, Inc. / NASL script (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Ubuntu host is missing one or more security-related
patches.

Description :

Michal Zalewski discovered that the setup_group function in libbfd in
GNU binutils did not properly check group headers in ELF files. An
attacker could use this to craft input that could cause a denial of
service (application crash) or possibly execute arbitrary code.
(CVE-2014-8485)

Hanno Bock discovered that the _bfd_XXi_swap_aouthdr_in function in
libbfd in GNU binutils allowed out-of-bounds writes. An attacker could
use this to craft input that could cause a denial of service
(application crash) or possibly execute arbitrary code.
(CVE-2014-8501)

Hanno Bock discovered a heap-based buffer overflow in the
pe_print_edata function in libbfd in GNU binutils. An attacker could
use this to craft input that could cause a denial of service
(application crash) or possibly execute arbitrary code.
(CVE-2014-8502)

Alexander Cherepanov discovered multiple directory traversal
vulnerabilities in GNU binutils. An attacker could use this to craft
input that could delete arbitrary files. (CVE-2014-8737)

Alexander Cherepanov discovered the _bfd_slurp_extended_name_table
function in libbfd in GNU binutils allowed invalid writes when
handling extended name tables in an archive. An attacker could use
this to craft input that could cause a denial of service (application
crash) or possibly execute arbitrary code. (CVE-2014-8738)

Hanno Bock discovered a stack-based buffer overflow in the ihex_scan
function in libbfd in GNU binutils. An attacker could use this to
craft input that could cause a denial of service (application crash).
(CVE-2014-8503)

Michal Zalewski discovered a stack-based buffer overflow in the
srec_scan function in libbfd in GNU binutils. An attacker could use
this to to craft input that could cause a denial of service
(application crash); the GNU C library's Fortify Source printf
protection should prevent the possibility of executing arbitrary code.
(CVE-2014-8504)

Michal Zalewski discovered that the srec_scan function in libbfd in
GNU binutils allowed out-of-bounds reads. An attacker could use this
to craft input to cause a denial of service. This issue only affected
Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.
(CVE-2014-8484)

Sang Kil Cha discovered multiple integer overflows in the
_objalloc_alloc function and objalloc_alloc macro in binutils. This
could allow an attacker to cause a denial of service (application
crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04
LTS. (CVE-2012-3509)

Alexander Cherepanov and Hanno Bock discovered multiple additional
out-of-bounds reads and writes in GNU binutils. An attacker could use
these to craft input that could cause a denial of service (application
crash) or possibly execute arbitrary code. A few of these issues may
be limited in exposure to a denial of service (application abort) by
the GNU C library's Fortify Source printf protection.

The strings(1) utility in GNU binutils used libbfd by default when
examining executable object files; unfortunately, libbfd was not
originally developed with the expectation of hostile input. As a
defensive measure, the behavior of strings has been changed to default
to 'strings --all' behavior, which does not use libbfd; use the new
argument to strings, '--data', to recreate the old behavior.

Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

Solution :

Update the affected binutils and / or binutils-multiarch packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now