FreeBSD : GNU binutils -- multiple vulnerabilities (f6a014cd-d268-11e4-8339-001e679db764)

Severity: High, Nessus Plugin ID: 82064

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

US-CERT/NIST reports:

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

US-CERT/NIST reports:

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

US-CERT/NIST reports:

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2014-8501

https://nvd.nist.gov/vuln/detail/CVE-2014-8502

https://nvd.nist.gov/vuln/detail/CVE-2014-8503

http://www.nessus.org/u?17f6dac4

Plugin Details

Severity: High

ID: 82064

File Name: freebsd_pkg_f6a014cdd26811e48339001e679db764.nasl

Version: 1.4

Type: local

Published: 2015/03/25

Updated: 2018/12/19

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cross-binutils, p-cpe:/a:freebsd:freebsd:m6811-binutils, p-cpe:/a:freebsd:freebsd:x86_64-pc-mingw32-binutils, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/03/24

Vulnerability Publication Date: 2014/12/09

Reference Information

CVE: CVE-2014-8501, CVE-2014-8502, CVE-2014-8503