SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2021:3593-1)

high Nessus Plugin ID 154861

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3593-1 advisory.

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character.
(CVE-2019-12972)

- An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. (CVE-2019-14250)

- apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. (CVE-2019-14444)

- find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. (CVE-2019-17450)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. (CVE-2019-17451)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. (CVE-2019-9074)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.
(CVE-2019-9075)

- An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. (CVE-2019-9077)

- A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)

- A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)

- A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.
(CVE-2020-16592)

- A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)

- A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)

- An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)

- A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)

- There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)

- There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)

- There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)

- A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in
_bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)

- There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1126826

https://bugzilla.suse.com/1126829

https://bugzilla.suse.com/1126831

https://bugzilla.suse.com/1140126

https://bugzilla.suse.com/1142649

https://bugzilla.suse.com/1143609

https://bugzilla.suse.com/1153768

https://bugzilla.suse.com/1153770

https://bugzilla.suse.com/1157755

https://bugzilla.suse.com/1160254

https://bugzilla.suse.com/1160590

https://bugzilla.suse.com/1163333

https://bugzilla.suse.com/1163744

https://bugzilla.suse.com/1179036

https://bugzilla.suse.com/1179341

https://bugzilla.suse.com/1179898

https://bugzilla.suse.com/1179899

https://bugzilla.suse.com/1179900

https://bugzilla.suse.com/1179901

https://bugzilla.suse.com/1179902

https://bugzilla.suse.com/1179903

https://bugzilla.suse.com/1180451

https://bugzilla.suse.com/1180454

https://bugzilla.suse.com/1180461

https://bugzilla.suse.com/1181452

https://bugzilla.suse.com/1182252

https://bugzilla.suse.com/1183511

https://bugzilla.suse.com/1184620

https://bugzilla.suse.com/1184794

https://www.suse.com/security/cve/CVE-2019-12972

https://www.suse.com/security/cve/CVE-2019-14250

https://www.suse.com/security/cve/CVE-2019-14444

https://www.suse.com/security/cve/CVE-2019-17450

https://www.suse.com/security/cve/CVE-2019-17451

https://www.suse.com/security/cve/CVE-2019-9074

https://www.suse.com/security/cve/CVE-2019-9075

https://www.suse.com/security/cve/CVE-2019-9077

https://www.suse.com/security/cve/CVE-2020-16590

https://www.suse.com/security/cve/CVE-2020-16591

https://www.suse.com/security/cve/CVE-2020-16592

https://www.suse.com/security/cve/CVE-2020-16593

https://www.suse.com/security/cve/CVE-2020-16598

https://www.suse.com/security/cve/CVE-2020-16599

https://www.suse.com/security/cve/CVE-2020-35448

https://www.suse.com/security/cve/CVE-2020-35493

https://www.suse.com/security/cve/CVE-2020-35496

https://www.suse.com/security/cve/CVE-2020-35507

https://www.suse.com/security/cve/CVE-2021-20197

https://www.suse.com/security/cve/CVE-2021-20284

https://www.suse.com/security/cve/CVE-2021-3487

http://www.nessus.org/u?c459db79

Plugin Details

Severity: High

ID: 154861

File Name: suse_SU-2021-3593-1.nasl

Version: 1.4

Type: local

Agent: unix

Published: 11/3/2021

Updated: 7/13/2023

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9077

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:cross-ppc-binutils, p-cpe:/a:novell:suse_linux:binutils, p-cpe:/a:novell:suse_linux:binutils-devel, p-cpe:/a:novell:suse_linux:libctf0, p-cpe:/a:novell:suse_linux:libctf-nobfd0, p-cpe:/a:novell:suse_linux:binutils-gold, p-cpe:/a:novell:suse_linux:cross-spu-binutils

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/2/2021

Vulnerability Publication Date: 2/23/2019

Reference Information

CVE: CVE-2019-12972, CVE-2019-14250, CVE-2019-14444, CVE-2019-17450, CVE-2019-17451, CVE-2019-9074, CVE-2019-9075, CVE-2019-9077, CVE-2020-16590, CVE-2020-16591, CVE-2020-16592, CVE-2020-16593, CVE-2020-16598, CVE-2020-16599, CVE-2020-35448, CVE-2020-35493, CVE-2020-35496, CVE-2020-35507, CVE-2021-20197, CVE-2021-20284, CVE-2021-3487

SuSE: SUSE-SU-2021:3593-1