Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name MDVSA-2015:029 First vendor Publication 2015-02-05
Vendor Mandriva Last vendor Modification 2015-02-05
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score 7.5 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in binutils:

Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record (CVE-2014-8484).

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file (CVE-2014-8485).

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable (CVE-2014-8501).

Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file (CVE-2014-8502).

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file (CVE-2014-8503).

Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file (CVE-2014-8504).

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar (CVE-2014-8737).

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive (CVE-2014-8738).

The updated packages provides a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:029

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11 % CWE-189 Numeric Errors (CWE/SANS Top 25)
11 % CWE-94 Failure to Control Generation of Code ('Code Injection')
11 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3
Application 1
Os 4
Os 1
Os 3

OpenVAS Exploits

Date Description
2012-11-26 Name : Fedora Update for insight FEDORA-2012-18300
File : nvt/gb_fedora_2012_18300_insight_fc16.nasl
2012-11-26 Name : Fedora Update for insight FEDORA-2012-18311
File : nvt/gb_fedora_2012_18311_insight_fc17.nasl

Nessus® Vulnerability Scanner

Date Description
2017-07-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-3367-1.nasl - Type : ACT_GATHER_INFO
2016-12-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201612-24.nasl - Type : ACT_GATHER_INFO
2015-12-22 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20151119_binutils_on_SL7_x.nasl - Type : ACT_GATHER_INFO
2015-12-15 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2015-620.nasl - Type : ACT_GATHER_INFO
2015-12-02 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2015-2079.nasl - Type : ACT_GATHER_INFO
2015-11-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-2079.nasl - Type : ACT_GATHER_INFO
2015-11-19 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2015-2079.nasl - Type : ACT_GATHER_INFO
2015-10-02 Name : The remote Debian host is missing a security update.
File : debian_DLA-324.nasl - Type : ACT_GATHER_INFO
2015-03-30 Name : The remote Debian host is missing a security update.
File : debian_DLA-184.nasl - Type : ACT_GATHER_INFO
2015-03-25 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_f6a014cdd26811e48339001e679db764.nasl - Type : ACT_GATHER_INFO
2015-02-10 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2496-1.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-029.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_binutils-201501-150122.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Fedora host is missing a security update.
File : fedora_2015-0750.nasl - Type : ACT_GATHER_INFO
2015-01-22 Name : The remote Fedora host is missing a security update.
File : fedora_2015-0471.nasl - Type : ACT_GATHER_INFO
2015-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3123.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17603.nasl - Type : ACT_GATHER_INFO
2015-01-02 Name : The remote Fedora host is missing a security update.
File : fedora_2014-17586.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14995.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14888.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14874.nasl - Type : ACT_GATHER_INFO
2014-12-07 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14838.nasl - Type : ACT_GATHER_INFO
2014-12-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14963.nasl - Type : ACT_GATHER_INFO
2014-12-06 Name : The remote Fedora host is missing a security update.
File : fedora_2014-14833.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8528.nasl - Type : ACT_GATHER_INFO
2014-08-04 Name : The remote Fedora host is missing a security update.
File : fedora_2014-8510.nasl - Type : ACT_GATHER_INFO
2014-02-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-1835.nasl - Type : ACT_GATHER_INFO
2014-02-10 Name : The remote Fedora host is missing a security update.
File : fedora_2014-1828.nasl - Type : ACT_GATHER_INFO
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18300.nasl - Type : ACT_GATHER_INFO
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18360.nasl - Type : ACT_GATHER_INFO
2012-11-26 Name : The remote Fedora host is missing a security update.
File : fedora_2012-18311.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2015-02-07 13:25:23
  • Multiple Updates
2015-02-05 21:22:32
  • First insertion