FreeBSD : GNU binutils -- multiple vulnerabilities (f6a014cd-d268-11e4-8339-001e679db764)

high Nessus Plugin ID 82064

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

US-CERT/NIST reports :

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.

US-CERT/NIST reports :

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.

US-CERT/NIST reports :

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.

Solution

Update the affected packages.

See Also

https://nvd.nist.gov/vuln/detail/CVE-2014-8501

https://nvd.nist.gov/vuln/detail/CVE-2014-8502

https://nvd.nist.gov/vuln/detail/CVE-2014-8503

http://www.nessus.org/u?17f6dac4

Plugin Details

Severity: High

ID: 82064

File Name: freebsd_pkg_f6a014cdd26811e48339001e679db764.nasl

Version: 1.6

Type: local

Published: 3/25/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:cross-binutils, p-cpe:/a:freebsd:freebsd:m6811-binutils, p-cpe:/a:freebsd:freebsd:x86_64-pc-mingw32-binutils, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/24/2015

Vulnerability Publication Date: 12/9/2014

Reference Information

CVE: CVE-2014-8501, CVE-2014-8502, CVE-2014-8503