SB2017101313 - Gentoo update for elfutils 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017101313

SB2017101313 - Gentoo update for elfutils

Published: October 13, 2017

Security Bulletin ID SB2017101313
Severity
Low
Patch available
YES
Number of vulnerabilities 9
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2016-10254)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the allocate_elf function of elfutils due to boundary error when handling Executable and Linkable Format (ELF) files by the allocate_elf function, as defined in the common.h source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious input, trigger memory corruption and cause the application to crash.


2) Memory corruption (CVE-ID: CVE-2016-10255)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the __libelf_set_rawdata_wrlock function of elfutils due to boundary error when hhandling of sh_off and sh_size Executable and Linkable Format (ELF) header values by the __libelf_set_rawdata_wrlock function, as defined in the elf_getdata.c source code file. A remote attacker can trick the victim into opening an ELF file that submits malicious sh_off or sh_size ELF header values, trigger memory corruption and cause the application to crash.


3) Heap-based buffer overflow (CVE-ID: CVE-2017-7607)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the handle_gnu_hash function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the handle_gnu_hash function, as defined in the readelf.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


4) Heap-based buffer overflow (CVE-ID: CVE-2017-7608)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ebl_object_note_type_name function of elfutils due to heap-based buffer overflow when handling Executable and Linkable Format (ELF) files by the ebl_object_note_type_namefunction, as defined in the eblobjnotetypename.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


5) Memory corruption (CVE-ID: CVE-2017-7609)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the elf_compress.c source code of elfutils due to improper validation of the zlib compression factor before the affected software allocates the output buffer. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


6) Heap-based buffer overflow (CVE-ID: CVE-2017-7610)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the check_group function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_group function, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


7) Heap-based buffer overflow (CVE-ID: CVE-2017-7611)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the check_symtab_shndx function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_symtab_shndxfunction, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


8) Heap-based buffer overflow (CVE-ID: CVE-2017-7612)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the check_sysv_hash function of elfutils due to heap-based buffer overflow when handling of Executable and Linkable Format (ELF) files by the check_sysv_hash function, as defined in the elflint.c source code file. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


9) Memory corruption (CVE-ID: CVE-2017-7613)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the elflint.c source code of elfutils due to boundary error when sanitization checks of the number of eshnum sections and ephnum segments. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the application to crash.


Remediation

Install update from vendor's website.

References