SB2018121020 - Multiple vulnerabilities in GNU Binutils

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Heap-based buffer overflow (CVE-ID: CVE-2018-19931)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to heap-based buffer overflow in the bfd_elf32_swap_phdr_in function, as defined in the elfcode.h source code file when handling malicious input. A local attacker can supply a specially crafted file that may trigger memory corruption and cause the service to crash.

2) Integer overflow (CVE-ID: CVE-2018-19932)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to integer overflow in the IS_CONTAINED_BY_LMAfunction, as defined in the elf.c source code file when handling malicious input. A local attacker can map a section to a segment, trigger an infinite loop condition, resulting in a DoS condition.

3) Memory leak (CVE-ID: CVE-2018-20002)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to memory leak in the _bfd_generic_read_minisymbols function in syms.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils. A local attacker can send specially crafted ELF file, consume excessive resources and cause the service to crash.

4) Integer overflow (CVE-ID: CVE-2018-1000876)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to integer overflow in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc. A local attacker can trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://sourceware.org/bugzilla/show_bug.cgi?id=23942
• https://sourceware.org/bugzilla/show_bug.cgi?id=23932
• https://sourceware.org/bugzilla/show_bug.cgi?id=23952
• https://sourceware.org/bugzilla/show_bug.cgi?id=23994
• https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3a551c7a1b80fca579461774860574eabfd7f18f