Heap-based buffer overflow in Sourceware elfutils

1) Heap-based buffer overflow

EUVDB-ID: #VU41835

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:C]

CVE-ID: CVE-2014-0172

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158. A remote attacker can use a malformed compressed debug section in an ELF file to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

elfutils: 0.153 - 0.158

CPE2.3

• cpe:2.3:a:sourceware:elfutils:0.153:*:*:*:*:*:*:*
• cpe:2.3:a:sourceware:elfutils:0.154:*:*:*:*:*:*:*
• cpe:2.3:a:sourceware:elfutils:0.155:*:*:*:*:*:*:*

External links

http://seclists.org/oss-sec/2014/q2/54
http://www.securityfocus.com/bid/66714
http://www.ubuntu.com/usn/USN-2188-1
http://bugzilla.redhat.com/show_bug.cgi?id=1085663
http://lists.fedorahosted.org/pipermail/elfutils-devel/2014-April/003921.html
http://security.gentoo.org/glsa/201612-32

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.