NewStart CGSL CORE 5.05 / MAIN 5.05 : binutils Multiple Vulnerabilities (NS-SA-2022-0025)

high Nessus Plugin ID 160803

Synopsis

The remote NewStart CGSL host is affected by multiple vulnerabilities.

Description

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has binutils packages installed that are affected by multiple vulnerabilities:

- The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free and possibly achieve code execution via a crafted nested archive file. This issue occurs because incorrect functions are called during an attempt to release memory. The issue can be addressed by better input validation in the bfd_generic_archive_p function in bfd/archive.c. (CVE-2017-12448)

- remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt.
(CVE-2018-12934)

- An issue was discovered in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31. There is a NULL pointer dereference in work_stuff_copy_to_from when called from iterate_demangle_function.
(CVE-2018-17794)

- The get_count function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service (malloc called with the result of an integer-overflowing calculation) or possibly have unspecified other impact via a crafted string, as demonstrated by c++filt.
(CVE-2018-18483)

- A heap-based buffer over-read issue was discovered in the function sec_merge_hash_lookup in merge.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31, because
_bfd_add_merge_section mishandles section merges when size is not a multiple of entsize. A specially crafted ELF allows remote attackers to cause a denial of service, as demonstrated by ld. (CVE-2018-18605)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is a heap-based buffer overflow in bfd_elf32_swap_phdr_in in elfcode.h because the number of program headers is not restricted. (CVE-2018-19931)

- apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. (CVE-2019-14444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade the vulnerable CGSL binutils packages. Note that updated packages may not be available yet. Please contact ZTE for more information.

See Also

http://security.gd-linux.com/notice/NS-SA-2022-0025

http://security.gd-linux.com/info/CVE-2017-12448

http://security.gd-linux.com/info/CVE-2018-12934

http://security.gd-linux.com/info/CVE-2018-17794

http://security.gd-linux.com/info/CVE-2018-18483

http://security.gd-linux.com/info/CVE-2018-18605

http://security.gd-linux.com/info/CVE-2018-19931

http://security.gd-linux.com/info/CVE-2019-14444

Plugin Details

Severity: High

ID: 160803

File Name: newstart_cgsl_NS-SA-2022-0025_binutils.nasl

Version: 1.3

Type: local

Published: 5/9/2022

Updated: 10/30/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-19931

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:zte:cgsl_core:binutils, p-cpe:/a:zte:cgsl_core:binutils-debuginfo, p-cpe:/a:zte:cgsl_core:binutils-devel, p-cpe:/a:zte:cgsl_main:binutils, p-cpe:/a:zte:cgsl_main:binutils-debuginfo, p-cpe:/a:zte:cgsl_main:binutils-devel, cpe:/o:zte:cgsl_core:5, cpe:/o:zte:cgsl_main:5

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/ZTE-CGSL/release, Host/ZTE-CGSL/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/8/2022

Vulnerability Publication Date: 8/4/2017

Reference Information

CVE: CVE-2017-12448, CVE-2018-12934, CVE-2018-17794, CVE-2018-18483, CVE-2018-18605, CVE-2018-19931, CVE-2019-14444