Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: Binutils: Multiple vulnerabilities
Information
Name: GLSA-201801-01
First vendor publication: 2018-01-07
Vendor: Gentoo
Last vendor modification: 2018-01-07
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
Attack range: Network
CVSS impact score: 6.4
Attack complexity: Medium
CVSS exploit score: 8.6
Authentication: None required

Detail

Synopsis
========

Multiple vulnerabilities have been found in Binutils, the worst of which may allow remote attackers to cause a Denial of Service condition.


Background
==========

The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation.


Description
===========

Multiple vulnerabilities have been discovered in Binutils. Please review the referenced CVE identifiers for details.


Impact
======

A remote attacker, by enticing a user to compile/execute a specially crafted ELF, tekhex, PE, or binary file, could possibly cause a Denial of Service condition.


Workaround
==========

There are no known workarounds at this time.


Resolution
==========

All Binutils users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-devel/binutils-2.29.1-r1"


References
==========

[ 1 ] CVE-2017-12456
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12456
[ 2 ] CVE-2017-12799
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12799
[ 3 ] CVE-2017-12967
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-12967
[ 4 ] CVE-2017-14128
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14128
[ 5 ] CVE-2017-14129
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14129
[ 6 ] CVE-2017-14130
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14130
[ 7 ] CVE-2017-14333
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14333
[ 8 ] CVE-2017-15023
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15023
[ 9 ] CVE-2017-15938
      https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15938
[ 10 ] CVE-2017-15939
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15939
[ 11 ] CVE-2017-15996
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-15996
[ 12 ] CVE-2017-7209
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7209
[ 13 ] CVE-2017-7210
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7210
[ 14 ] CVE-2017-7223
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7223
[ 15 ] CVE-2017-7224
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7224
[ 16 ] CVE-2017-7225
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7225
[ 17 ] CVE-2017-7227
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7227
[ 18 ] CVE-2017-9743
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9743
[ 19 ] CVE-2017-9746
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9746
[ 20 ] CVE-2017-9749
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9749
[ 21 ] CVE-2017-9750
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9750
[ 22 ] CVE-2017-9751
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9751
[ 23 ] CVE-2017-9755
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9755
[ 24 ] CVE-2017-9756
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-9756


Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201801-01


Original Source

Url : http://security.gentoo.org/glsa/glsa-201801-01.xml

CWE : Common Weakness Enumeration

% Id Name
54 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
21 % CWE-125 Out-of-bounds Read
17 % CWE-476 NULL Pointer Dereference
4 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
4 % CWE-190 Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 6

Nessus® Vulnerability Scanner

Date Description
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2017-0038.nasl - Type : ACT_GATHER_INFO
2018-08-17 Name : The remote PhotonOS host is missing multiple security updates.
File : PhotonOS_PHSA-2018-1_0-0104.nasl - Type : ACT_GATHER_INFO
2018-01-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201801-01.nasl - Type : ACT_GATHER_INFO
2017-12-14 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-1330.nasl - Type : ACT_GATHER_INFO
2017-12-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1285.nasl - Type : ACT_GATHER_INFO
2017-12-01 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1286.nasl - Type : ACT_GATHER_INFO
2017-12-01 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2017-3170-1.nasl - Type : ACT_GATHER_INFO
2017-11-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1278.nasl - Type : ACT_GATHER_INFO
2017-11-02 Name : The remote EulerOS host is missing multiple security updates.
File : EulerOS_SA-2017-1279.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2018-01-08 00:21:10
  • First insertion