Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1)

High Nessus Plugin ID 81255

Synopsis

The remote Ubuntu host is missing one or more security-related patches.

Description

Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8485)

Hanno Bock discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8501)

Hanno Bock discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code.
(CVE-2014-8502)

Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737)

Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738)

Hanno Bock discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash).
(CVE-2014-8503)

Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code.
(CVE-2014-8504)

Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS.
(CVE-2014-8484)

Sang Kil Cha discovered multiple integer overflows in the
_objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509)

Alexander Cherepanov and Hanno Bock discovered multiple additional out-of-bounds reads and writes in GNU binutils. An attacker could use these to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. A few of these issues may be limited in exposure to a denial of service (application abort) by the GNU C library's Fortify Source printf protection.

The strings(1) utility in GNU binutils used libbfd by default when examining executable object files; unfortunately, libbfd was not originally developed with the expectation of hostile input. As a defensive measure, the behavior of strings has been changed to default to 'strings --all' behavior, which does not use libbfd; use the new argument to strings, '--data', to recreate the old behavior.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected binutils and / or binutils-multiarch packages.

See Also

https://usn.ubuntu.com/2496-1/

Plugin Details

Severity: High

ID: 81255

File Name: ubuntu_USN-2496-1.nasl

Version: 1.6

Type: local

Agent: unix

Published: 2015/02/10

Updated: 2019/01/02

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:binutils, p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch, cpe:/o:canonical:ubuntu_linux:10.04:-:lts, cpe:/o:canonical:ubuntu_linux:12.04:-:lts, cpe:/o:canonical:ubuntu_linux:14.04, cpe:/o:canonical:ubuntu_linux:14.10

Required KB Items: Host/cpu, Host/Ubuntu, Host/Ubuntu/release, Host/Debian/dpkg-l

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2015/02/09

Reference Information

CVE: CVE-2012-3509, CVE-2014-8484, CVE-2014-8485, CVE-2014-8501, CVE-2014-8502, CVE-2014-8503, CVE-2014-8504, CVE-2014-8737, CVE-2014-8738

BID: 55281, 70714, 70741, 70761, 70866, 70868, 70869, 70908, 71083

USN: 2496-1