Detections
Analytics
Ubuntu 20.04 LTS / 22.04 LTS : GNU binutils vulnerabilities (USN-6581-1)
high Nessus Plugin ID 188049
Language:
Synopsis
The remote Ubuntu host is missing one or more security updates.Description
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6581-1 advisory.- Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c. (CVE-2022-44840)
- Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. (CVE-2022-45703)
- An issue was discovered function stab_demangle_v3_arg in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47007)
- An issue was discovered function make_tempdir, and make_tempname in bucomm.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47008)
- An issue was discovered function pr_function_type in prdbg.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47010)
- An issue was discovered function parse_stab_struct_fields in stabs.c in Binutils 2.34 thru 2.38, allows attackers to cause a denial of service due to memory leaks. (CVE-2022-47011)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 188049
File Name: ubuntu_USN-6581-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: Ubuntu Local Security Checks
Published: 1/15/2024
Updated: 1/15/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 5.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2022-45703
CVSS v3
Risk Factor: High
Base Score: 7.8
Temporal Score: 7
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:canonical:ubuntu_linux:binutils, p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabihf, p-cpe:/a:canonical:ubuntu_linux:binutils-common, p-cpe:/a:canonical:ubuntu_linux:binutils-hppa-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch, p-cpe:/a:canonical:ubuntu_linux:binutils-i686-gnu, cpe:/o:canonical:ubuntu_linux:22.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:binutils-sh4-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:libbinutils, p-cpe:/a:canonical:ubuntu_linux:libctf-nobfd0, p-cpe:/a:canonical:ubuntu_linux:binutils-i686-kfreebsd-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-source, p-cpe:/a:canonical:ubuntu_linux:binutils-for-build, p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch-dev, p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-kfreebsd-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-i686-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-riscv64-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-aarch64-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabi, p-cpe:/a:canonical:ubuntu_linux:binutils-alpha-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-dev, p-cpe:/a:canonical:ubuntu_linux:binutils-for-host, p-cpe:/a:canonical:ubuntu_linux:binutils-s390x-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-m68k-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:libctf0, cpe:/o:canonical:ubuntu_linux:20.04:-:lts, p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnu, p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnux32
Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/15/2024
Vulnerability Publication Date: 8/22/2023
Reference Information
CVE: CVE-2022-44840, CVE-2022-45703, CVE-2022-47007, CVE-2022-47008, CVE-2022-47010, CVE-2022-47011
USN: 6581-1