SB2017060818 - Multiple vulnerabilities in Radare radare2
Published: June 8, 2017 Updated: January 25, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-10929)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0. A remote attacker can use a crafted binary file to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Stack-based buffer overflow (CVE-ID: CVE-2017-9949)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the grub_memmove function in shlr/grub/kern/misc.c when processing a crafted binary file, possibly related to a buffer underflow in fs/ext2.c in GNU GRUB 2.02. A remote unauthenticated attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
3) Buffer overflow (CVE-ID: CVE-2017-9761)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.
4) Use-after-free (CVE-ID: CVE-2017-9762)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted binary file. A remote attackers can cause a denial of service (use-after-free and application crash).
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
5) Buffer overflow (CVE-ID: CVE-2017-9763)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array.
6) Use-after-free (CVE-ID: CVE-2017-9520)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing a crafted DEX file. A remote attackers can cause a denial of service (use-after-free and application crash).
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Remediation
Install update from vendor's website.
References
- http://www.securityfocus.com/bid/99608
- https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
- https://github.com/radare/radare2/issues/7855
- http://www.securityfocus.com/bid/99305
- https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191
- https://github.com/radare/radare2/issues/7683
- http://www.securityfocus.com/bid/99138
- https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c
- https://github.com/radare/radare2/issues/7727
- http://www.securityfocus.com/bid/99140
- https://github.com/radare/radare2/issues/7726
- http://git.savannah.gnu.org/cgit/grub.git/commit/grub-core/fs/ext2.c?id=ac8cac1dac50daaf1c390d701cca3b55e16ee768
- http://www.securityfocus.com/bid/99141
- https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd
- https://github.com/radare/radare2/issues/7723
- https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
- https://github.com/radare/radare2/issues/7698