Executive Summary
Summary | |
---|---|
Title | elfutils security update |
Informations | |||
---|---|---|---|
Name | RHSA-2006:0354 | First vendor Publication | 2006-08-10 |
Vendor | RedHat | Last vendor Modification | 2006-08-10 |
Severity (Vendor) | Low | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.6 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality. Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils. In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files. (CVE-2005-1704) Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version. Users of elfutils should upgrade to these updated packages, which resolve these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. To update all RPMs for your particular architecture, run: rpm -Fvh [filenames] where [filenames] is a list of the RPMs you wish to upgrade. Only those RPMs which are currently installed will be updated. Those RPMs which are not installed but included in the list will not be updated. Note that you can also use wildcards (*.rpm) if your current directory *only* contains the desired RPMs. Please note that this update is also available via Red Hat Network. Many people find this an easier way to apply updates. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. If up2date fails to connect to Red Hat Network due to SSL Certificate Errors, you need to install a version of the up2date client with an updated certificate. The latest version of up2date is available from the Red Hat FTP site and may also be downloaded directly from the RHN website: https://rhn.redhat.com/help/latest-up2date.pxt 5. Bug IDs fixed (http://bugzilla.redhat.com/): 156342 - eu-strip mangles separate debuginfo with relocation sections 159888 - CVE-2005-1704 Integer overflow in libelf 186992 - Elfutils license upgrade |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2006-0354.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:9071 | |||
Oval ID: | oval:org.mitre.oval:def:9071 | ||
Title: | Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | ||
Description: | Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1704 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-15 (gdb) File : nvt/glsa_200505_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200506-01 (binutils) File : nvt/glsa_200506_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
16870 | binutils BFD Library Local Overflow A local overflow exists in binutils. The BFD library fails to validate user supplied input resulting in a heap overflow. With a specially crafted file, an attacker can gain escalated privileges resulting in a loss of confidentiality. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-673.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-709.nasl - Type : ACT_GATHER_INFO |
2012-09-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-498.nasl - Type : ACT_GATHER_INFO |
2006-08-30 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0354.nasl - Type : ACT_GATHER_INFO |
2006-08-14 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0354.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2006-0368.nasl - Type : ACT_GATHER_INFO |
2006-07-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2006-0368.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-659.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-136-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-135-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-215.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1033.nasl - Type : ACT_GATHER_INFO |
2005-10-28 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-1032.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-763.nasl - Type : ACT_GATHER_INFO |
2005-10-19 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-801.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-673.nasl - Type : ACT_GATHER_INFO |
2005-10-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-709.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-659.nasl - Type : ACT_GATHER_INFO |
2005-06-29 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-497.nasl - Type : ACT_GATHER_INFO |
2005-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200506-01.nasl - Type : ACT_GATHER_INFO |
2005-05-31 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-095.nasl - Type : ACT_GATHER_INFO |
2005-05-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-15.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:50:00 |
|