SB2017111521 - Multiple vulnerabilities in GNU Binutils
Published: November 15, 2017 Updated: February 10, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2017-17121)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section.
2) Heap-based buffer overflow (CVE-ID: CVE-2017-17122)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which. A remote attacker can use a crafted PE file. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) NULL pointer dereference (CVE-ID: CVE-2017-17123)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can trigger denial of service conditions via a crafted COFF based file.
4) Heap-based buffer overflow (CVE-ID: CVE-2017-17124)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The _bfd_coff_read_string_table function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not properly validate the size of the external string table, which. A remote attacker can use a crafted COFF binary. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Out-of-bounds read (CVE-ID: CVE-2017-17125)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global symbols, which. A remote attacker can perform a denial of service (_bfd_elf_get_symbol_version_string buffer over-read and application crash) or possibly have unspecified other impact via a crafted ELF file.
6) Buffer overflow (CVE-ID: CVE-2017-17126)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The load_debug_section function in readelf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via an ELF file that lacks section headers.
7) Out-of-bounds read (CVE-ID: CVE-2017-17080)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate sizes of core notes, which. A remote attacker can perform a denial of service (bfd_getl32 heap-based buffer over-read and application crash) via a crafted object file, related to elfcore_grok_netbsd_procinfo, elfcore_grok_openbsd_procinfo, and elfcore_grok_nto_status.
8) Buffer overflow (CVE-ID: CVE-2017-16826)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.
9) Buffer overflow (CVE-ID: CVE-2017-16827)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.
10) Out-of-bounds read (CVE-ID: CVE-2017-16828)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1. A remote attacker can perform a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.
11) Out-of-bounds read (CVE-ID: CVE-2017-16829)
The vulnerability allows a remote attacker to gain access to perform denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the elf-properties.c function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed file. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the affected application.
12) Integer overflow (CVE-ID: CVE-2017-16830)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The print_gnu_property_note function in readelf.c in GNU Binutils 2.29.1 does not have integer-overflow protection on 32-bit platforms, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted ELF file.
13) Integer overflow (CVE-ID: CVE-2017-16831)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.
14) Integer overflow (CVE-ID: CVE-2017-16832)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The pe_bfd_read_buildid function in peicode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate size and offset values in the data dictionary, which allows remote attackers to cause a denial of service (segmentation violation and application crash) or possibly have unspecified other impact via a crafted PE file.
Remediation
Install update from vendor's website.
References
- https://security.gentoo.org/glsa/201811-17
- https://sourceware.org/bugzilla/show_bug.cgi?id=22506
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b
- https://sourceware.org/bugzilla/show_bug.cgi?id=22508
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
- https://sourceware.org/bugzilla/show_bug.cgi?id=22509
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543
- https://sourceware.org/bugzilla/show_bug.cgi?id=22507
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c
- https://sourceware.org/bugzilla/show_bug.cgi?id=22443
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4
- https://sourceware.org/bugzilla/show_bug.cgi?id=22510
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8
- https://sourceware.org/bugzilla/show_bug.cgi?id=22421
- https://sourceware.org/bugzilla/show_bug.cgi?id=22376
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d
- https://sourceware.org/bugzilla/show_bug.cgi?id=22306
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419
- https://sourceware.org/bugzilla/show_bug.cgi?id=22386
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d
- https://sourceware.org/bugzilla/show_bug.cgi?id=22307
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163
- http://www.securityfocus.com/bid/101941
- https://sourceware.org/bugzilla/show_bug.cgi?id=22384
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4
- https://sourceware.org/bugzilla/show_bug.cgi?id=22385
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
- https://sourceware.org/bugzilla/show_bug.cgi?id=22373
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b