SB2021110426 - SUSE update for binutils

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021110426

SB2021110426 - SUSE update for binutils

Published: November 4, 2021

Security Bulletin ID SB2021110426
Severity
High
Patch available
YES
Number of vulnerabilities 12
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 17% Medium 8% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 12 secuirty vulnerabilities.


1) Double Free (CVE-ID: CVE-2020-16590)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils in the process_symbol_table. A local attacker can trick the victim into opening a specially crafted data, trigger double free error and perform a denial of service attack.


2) Out-of-bounds read (CVE-ID: CVE-2020-16591)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists due to invalid read in process_symbol_table. A local attacker can trick the victim into opening a specially crafted data, trigger out-of-bounds read and perform a denial of service attack.


3) Use-after-free (CVE-ID: CVE-2020-16592)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists in bfd_hash_lookup. A local attacker can trick the victim into opening a specially crafted data, trigger use-after-free and perform a denial of service attack.


4) NULL pointer dereference (CVE-ID: CVE-2020-16593)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in scan_unit_for_symbols. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.


5) NULL pointer dereference (CVE-ID: CVE-2020-16599)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in _bfd_elf_get_symbol_version_string. A local attacker can trick the victim into opening a specially crafted file and perform a denial of service (DoS) attack.


6) Out-of-bounds write (CVE-ID: CVE-2020-35448)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.


7) Input validation error (CVE-ID: CVE-2020-35493)

The vulnerability allows a local attacker to perform a denial of service attack.

The vulnerability exists in bfd/pef.c. A local attacker can send a specially crafted PEF file and perform a denial of service attack.


8) NULL pointer dereference (CVE-ID: CVE-2020-35496)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in bfd_pef_scan_start_address() of bfd/pef.c in binutils. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.


9) NULL pointer dereference (CVE-ID: CVE-2020-35507)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in bfd_pef_parse_function_stubs of bfd/pef.c in binutils. A local attacker can trick the victim into opening a specially crafted data and perform a denial of service (DoS) attack.


10) UNIX symbolic link following (CVE-ID: CVE-2021-20197)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue within the ar, objcopy, strip, ranlib utilities wen writing output. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.

Successful exploitation of this vulnerability may result in privilege escalation.


11) Heap-based buffer overflow (CVE-ID: CVE-2021-20284)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the _bfd_elf_slurp_secondary_reloc_section() function in elf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


12) Input validation error (CVE-ID: CVE-2021-3487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the BFD library in binutils. A remote attacker who supplies a crafted file to an application linked with BFD can use the DWARF functionality to perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References