SB2019062013 - OpenSUSE Linux update for elfutils
Published: June 20, 2019
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Heap-based buffer overflow (CVE-ID: CVE-2017-7607)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the handle_gnu_hash function of elfutils, defined in the readelf.c source code file, due to a heap-based buffer overflow when handling Executable and Linkable Format (ELF) files. A remote attacker can trick the victim into opening an ELF file that contains malicious input, trigger memory corruption and cause the application to crash.
2) Heap-based buffer overflow (CVE-ID: CVE-2017-7608)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the ebl_object_note_type_name function of elfutils, defined in the eblobjnotetypename.c source code file, due to a heap-based buffer overflow when handling Executable and Linkable Format (ELF) files. A remote attacker can trick the victim into opening an ELF file that contains malicious input, trigger memory corruption and cause the application to crash.
3) Memory corruption (CVE-ID: CVE-2017-7609)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the elf_compress.c source code of elfutils due to improper validation of the zlib compression factor before the affected software allocates the output buffer. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that contains malicious input, trigger memory corruption and cause the application to crash.
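The class of check described above, as an added example that is not elfutils code: before allocating an output buffer for a zlib-compressed section, reject a claimed uncompressed size that deflate could not have produced from the bytes present. The names chdr64, checked_output_size and demo_check are hypothetical, the header is assumed to be in host byte order, and the 1032:1 bound is deflate's documented maximum expansion ratio.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Same layout as Elf64_Chdr in <elf.h>; redeclared so this builds anywhere. */
typedef struct {
    uint32_t ch_type;
    uint32_t ch_reserved;
    uint64_t ch_size;        /* uncompressed size claimed by the file */
    uint64_t ch_addralign;
} chdr64;

#define CH_TYPE_ZLIB      1u     /* ELFCOMPRESS_ZLIB */
#define DEFLATE_MAX_RATIO 1032u  /* deflate expands at most about 1032:1 */

/* Returns 0 and stores the size to allocate when the header is plausible,
   -1 when the section must be rejected before any allocation happens. */
int checked_output_size(const unsigned char *sec, size_t sec_len, size_t *out_len)
{
    chdr64 h;
    if (sec == NULL || out_len == NULL || sec_len < sizeof h)
        return -1;
    memcpy(&h, sec, sizeof h);               /* no unaligned access */
    if (h.ch_type != CH_TYPE_ZLIB)
        return -1;
    size_t in_len = sec_len - sizeof h;      /* compressed payload bytes */
    if ((uint64_t)(size_t)h.ch_size != h.ch_size)
        return -1;                           /* does not fit in size_t */
    if (in_len == 0 && h.ch_size != 0)
        return -1;                           /* output claimed from nothing */
    if (h.ch_size / DEFLATE_MAX_RATIO > in_len)
        return -1;                           /* impossible compression factor */
    *out_len = (size_t)h.ch_size;
    return 0;
}

/* Constructed sample: a section header claiming `claimed` output bytes,
   followed by payload_len (at most 64) bytes of zeroed payload. */
int demo_check(uint64_t claimed, size_t payload_len)
{
    unsigned char sec[sizeof(chdr64) + 64] = {0};
    chdr64 h = { CH_TYPE_ZLIB, 0, claimed, 1 };
    size_t out = 0;
    if (payload_len > 64)
        payload_len = 64;
    memcpy(sec, &h, sizeof h);
    return checked_output_size(sec, sizeof h + payload_len, &out);
}
```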
4) Heap-based buffer overflow (CVE-ID: CVE-2017-7610)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the check_group function of elfutils, defined in the elflint.c source code file, due to a heap-based buffer overflow when handling Executable and Linkable Format (ELF) files. A remote attacker can trick the victim into opening an ELF file that contains malicious input, trigger memory corruption and cause the application to crash.
5) Heap-based buffer overflow (CVE-ID: CVE-2017-7611)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the check_symtab_shndx function of elfutils, defined in the elflint.c source code file, due to a heap-based buffer overflow when handling Executable and Linkable Format (ELF) files. A remote attacker can trick the victim into opening an ELF file that contains malicious input, trigger memory corruption and cause the application to crash.
6) Heap-based buffer overflow (CVE-ID: CVE-2017-7612)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the check_sysv_hash function of elfutils, defined in the elflint.c source code file, due to a heap-based buffer overflow when handling Executable and Linkable Format (ELF) files. A remote attacker can trick the victim into opening an ELF file that contains malicious input, trigger memory corruption and cause the application to crash.
7) Memory corruption (CVE-ID: CVE-2017-7613)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the elflint.c source code of elfutils due to a boundary error in the sanitization checks of the number of eshnum sections and ephnum segments. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that contains malicious input, trigger memory corruption and cause the application to crash.
8) Out-of-bounds read (CVE-ID: CVE-2018-16062)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted file.
9) Double Free (CVE-ID: CVE-2018-16402)
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
10) Out-of-bounds read (CVE-ID: CVE-2018-16403)
The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.
11) Segmentation fault (CVE-ID: CVE-2018-18310)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library due to improper handling of Executable and Linkable Format (ELF) files. A local attacker can send an ELF file that contains malicious input, execute the eu-stack command, trigger a segmentation fault and cause the affected application to crash.
12) Null pointer dereference (CVE-ID: CVE-2018-18520)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the elf_end function, as defined in the size.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that contains malicious input, trigger a NULL pointer dereference and cause the application to crash.
13) Divide by zero (CVE-ID: CVE-2018-18521)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the arlib_add_symbols function, as defined in the arlib.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that contains malicious input, trigger a divide-by-zero condition and cause the application to crash.
14) Segmentation fault (CVE-ID: CVE-2019-7150)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient sanitization of user-supplied input by the elf64_xlatetom function, as defined in the libelf/elf32_xlatetom.c source code file. A remote attacker can trick the victim into opening a specially crafted file that contains malicious input, trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.
15) Segmentation fault (CVE-ID: CVE-2019-7665)
The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The vulnerability exists in the ebl_core_note function due to an improper check of whether the value of an NT_PLATFORM core file note is a zero-terminated string. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that contains malicious input and trigger a segmentation fault that causes the affected application to crash, resulting in a DoS condition.
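The check that item 15 describes as missing, shown as an added example that is not elfutils code: a note descriptor is handed out as a C string only if a NUL byte occurs within its declared length. The names platform_note_string, build_note and demo are hypothetical, the note header is assumed to be in host byte order, and the sample notes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NOTE_TYPE_PLATFORM 5u   /* NT_PLATFORM in <elf.h> */
#define ALIGN4(n) (((size_t)(n) + 3u) & ~(size_t)3u)

/* Returns the descriptor as a C string, or NULL when the note is truncated,
   has another type, or holds no NUL byte within n_descsz bytes. */
const char *platform_note_string(const unsigned char *buf, size_t len)
{
    uint32_t hdr[3];                     /* n_namesz, n_descsz, n_type */
    if (buf == NULL || len < sizeof hdr)
        return NULL;
    memcpy(hdr, buf, sizeof hdr);
    size_t namesz = hdr[0], descsz = hdr[1];
    if (hdr[2] != NOTE_TYPE_PLATFORM)
        return NULL;
    size_t rest = len - sizeof hdr;
    if (namesz > rest || ALIGN4(namesz) > rest)
        return NULL;                     /* name runs past the buffer */
    rest -= ALIGN4(namesz);
    if (descsz == 0 || descsz > rest)
        return NULL;                     /* descriptor runs past the buffer */
    const unsigned char *desc = buf + sizeof hdr + ALIGN4(namesz);
    if (memchr(desc, '\0', descsz) == NULL)
        return NULL;                     /* not a zero-terminated string */
    return (const char *)desc;
}

/* Builds a constructed NT_PLATFORM note named "CORE" into out (64 bytes,
   descsz at most 44) and returns the length of the note. */
size_t build_note(unsigned char *out, const void *desc, uint32_t descsz)
{
    uint32_t hdr[3] = { 5, descsz, NOTE_TYPE_PLATFORM };
    memset(out, 0, 64);
    memcpy(out, hdr, sizeof hdr);
    memcpy(out + 12, "CORE", 5);         /* 5 name bytes, padded to 8 */
    memcpy(out + 12 + 8, desc, descsz);
    return 12 + 8 + ALIGN4(descsz);
}

/* 1 when the descriptor is accepted as a string, 0 when it is rejected. */
int demo(const void *desc, uint32_t descsz)
{
    unsigned char note[64];
    size_t len = build_note(note, desc, descsz);
    return platform_note_string(note, len) != NULL;
}
```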
Remediation
Install the update from the vendor's website.