FreeBSD : GNU binutils -- multiple vulnerabilities (f6a014cd-d268-11e4-8339-001e679db764)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

US-CERT/NIST reports :

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) and possibly have other unspecified
impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a
PE executable.

US-CERT/NIST reports :

Heap-based buffer overflow in the pe_print_edata function in
bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote
attackers to cause a denial of service (crash) and possibly have other
unspecified impact via a truncated export table in a PE file.

US-CERT/NIST reports :

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in
GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted ihex file.

See also :

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8501
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8502
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8503
http://www.nessus.org/u?b07d0b44

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 82064

Bugtraq ID:

CVE ID: CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
