Red Hat Enterprise Linux 7 update for elfutils



Risk High
Patch available YES
Number of vulnerabilities 10
CVE-ID CVE-2018-16062
CVE-2018-16402
CVE-2018-16403
CVE-2018-18310
CVE-2018-18520
CVE-2018-18521
CVE-2019-7149
CVE-2019-7150
CVE-2019-7664
CVE-2019-7665
CWE-ID CWE-125
CWE-415
CWE-20
CWE-476
CWE-369
CWE-119
Exploitation vector Network
Public exploit Public exploit code for vulnerability #4 is available.
Public exploit code for vulnerability #5 is available.
Public exploit code for vulnerability #6 is available.
Public exploit code for vulnerability #7 is available.
Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #9 is available.
Public exploit code for vulnerability #10 is available.
Vulnerable software
Subscribe
Red Hat Enterprise Linux for Power, little endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Power, big endian
Operating systems & Components / Operating system

Red Hat Enterprise Linux for IBM z Systems
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Scientific Computing
Operating systems & Components / Operating system

Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Workstation
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

elfutils (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU31220

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16062

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in dwarf_getaranges in dwarf_getaranges.c in libdw in elfutils before 2018-08-18. A remote attacker can perform a denial of service (heap-based buffer over-read) via a crafted file.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Double Free

EUVDB-ID: #VU36733

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16402

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU36734

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-16403

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

libdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Segmentation fault

EUVDB-ID: #VU15371

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18310

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists in the dwfl_segment_report_module.c source code file in the libdwfl library due to improper handling of Executable and Linkable Format (ELF) files. A local attacker can send an ELF file that submits malicious input, execute the eu-stack command, trigger a segmentation fault and cause the affected application to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Null pointer dereference

EUVDB-ID: #VU15528

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18520

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to due to improper handling of Executable and Linkable Format (ELF) files by the elf_end function, as defined in the size.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger NULL pointer dereference and cause application to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

6) Divide by zero

EUVDB-ID: #VU15527

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2018-18521

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to due to improper handling of Executable and Linkable Format (ELF) files by the arlib_add_symbols function, as defined in the arlib.c source code file. A remote attacker can trick the victim into opening a specially crafted ELF file that submits malicious input, trigger a divide-by-zero condition and cause application to crash.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Heap-based out-of-bounds read

EUVDB-ID: #VU17326

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7149

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper handling of Executable and Linkable Format (ELF) files by the read_srclines function, as defined in the dwarf_getsrclines.c source code file. A remote attacker can trick the victim into opening a specially crafted an ELF file that submits malicious input, trigger a heap-based buffer over-read condition and cause the affected application to crash, resulting in a DoS condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Segmentation fault

EUVDB-ID: #VU17325

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7150

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient sanitization of user-supplied input by the elf64_xlatetom function as defined in the libelf/elf32_xlatetom.c source code file. A remote attacker can trick the victim into opening a specially crafted file that submits malicious input, trigger a segmentation fault and cause the affected application to crash, resulting in a DoS condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Memory corruption

EUVDB-ID: #VU17697

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7664

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to improper overflow checks by the elf_cvt_note function, as defined in the libelf/note_xlate.h source code file . A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger memory corruption and cause the affected application to crash, resulting in a DoS condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Segmentation fault

EUVDB-ID: #VU17718

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-7665

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the ebl_core_note function due to improper check if the values of a NT_PLATFORM core file note is a zero-terminated string. A remote attacker can trick the victim into opening an Executable and Linkable Format (ELF) file that submits malicious input, trigger a segmentation fault that causes the affected application to crash, resulting in a DoS condition. 

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux for Power, little endian: 7

Red Hat Enterprise Linux for Power, big endian: 7

Red Hat Enterprise Linux for IBM z Systems: 7

Red Hat Enterprise Linux for Scientific Computing: 7

Red Hat Enterprise Linux Desktop: 7

Red Hat Enterprise Linux Workstation: 7

Red Hat Enterprise Linux Server: 7

elfutils (Red Hat package): before 0.176-2.el7

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2019:2197


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###