SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2021:3593-1)

high Nessus Plugin ID 154861

Language:

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3593-1 advisory.

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
(CVE-2019-12972)

- An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. (CVE-2019-14250)

- apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. (CVE-2019-14444)

- find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. (CVE-2019-17450)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. (CVE-2019-17451)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. (CVE-2019-9074)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
(CVE-2019-9075)

- An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. (CVE-2019-9077)

- A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)

- A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)

- A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
(CVE-2020-16592)

- A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)

- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)

- A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)

- A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)

- There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)

- There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)

- There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)

- A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in
_bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)

- There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1126826

https://bugzilla.suse.com/1126829

https://bugzilla.suse.com/1126831

https://bugzilla.suse.com/1140126

https://bugzilla.suse.com/1142649

https://bugzilla.suse.com/1143609

https://bugzilla.suse.com/1153768

https://bugzilla.suse.com/1153770

https://bugzilla.suse.com/1157755

https://bugzilla.suse.com/1160254

https://bugzilla.suse.com/1160590

https://bugzilla.suse.com/1163333

https://bugzilla.suse.com/1163744

https://bugzilla.suse.com/1179036

https://bugzilla.suse.com/1179341

https://bugzilla.suse.com/1179898

https://bugzilla.suse.com/1179899

https://bugzilla.suse.com/1179900

https://bugzilla.suse.com/1179901

https://bugzilla.suse.com/1179902

https://bugzilla.suse.com/1179903

https://bugzilla.suse.com/1180451

https://bugzilla.suse.com/1180454

https://bugzilla.suse.com/1180461

https://bugzilla.suse.com/1181452

https://bugzilla.suse.com/1182252

https://bugzilla.suse.com/1183511

https://bugzilla.suse.com/1184620

https://bugzilla.suse.com/1184794

http://www.nessus.org/u?c459db79

https://www.suse.com/security/cve/CVE-2019-12972

https://www.suse.com/security/cve/CVE-2019-14250

https://www.suse.com/security/cve/CVE-2019-14444

https://www.suse.com/security/cve/CVE-2019-17450

https://www.suse.com/security/cve/CVE-2019-17451

https://www.suse.com/security/cve/CVE-2019-9074

https://www.suse.com/security/cve/CVE-2019-9075

https://www.suse.com/security/cve/CVE-2019-9077

https://www.suse.com/security/cve/CVE-2020-16590

https://www.suse.com/security/cve/CVE-2020-16591

https://www.suse.com/security/cve/CVE-2020-16592

https://www.suse.com/security/cve/CVE-2020-16593

https://www.suse.com/security/cve/CVE-2020-16598

https://www.suse.com/security/cve/CVE-2020-16599

https://www.suse.com/security/cve/CVE-2020-35448

https://www.suse.com/security/cve/CVE-2020-35493

https://www.suse.com/security/cve/CVE-2020-35496

https://www.suse.com/security/cve/CVE-2020-35507

https://www.suse.com/security/cve/CVE-2021-20197

https://www.suse.com/security/cve/CVE-2021-20284

https://www.suse.com/security/cve/CVE-2021-3487

Plugin Details

Severity: High

ID: 154861

File Name: suse_SU-2021-3593-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 11/3/2021

Updated: 11/3/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2019-9077

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:binutils:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:binutils-devel:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:binutils-gold:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:cross-ppc-binutils:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:cross-spu-binutils:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libctf-nobfd0:*:*:*:*:*:*:*, p-cpe:2.3:a:novell:suse_linux:libctf0:*:*:*:*:*:*:*

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/2/2021

Vulnerability Publication Date: 2/23/2019

Reference Information

CVE: CVE-2019-9075, CVE-2019-9077, CVE-2019-14250, CVE-2019-14444, CVE-2019-12972, CVE-2019-17450, CVE-2019-17451, CVE-2019-9074, CVE-2020-16591, CVE-2020-16599, CVE-2020-16598, CVE-2020-16592, CVE-2020-16593, CVE-2020-16590, CVE-2020-35448, CVE-2020-35496, CVE-2020-35493, CVE-2020-35507, CVE-2021-20197, CVE-2021-20284, CVE-2021-3487

SuSE: SUSE-SU-2021:3593-1