openEuler update for binutils
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-45078 CVE-2018-12699 |
| CWE-ID | CWE-787 CWE-122 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
openEuler Operating systems & Components / Operating system binutils-debuginfo Operating systems & Components / Operating system package or component binutils-help Operating systems & Components / Operating system package or component binutils-debugsource Operating systems & Components / Operating system package or component binutils-devel Operating systems & Components / Operating system package or component binutils Operating systems & Components / Operating system package or component |
| Vendor | openEuler |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU59293
Risk: Medium
CVSSv4.0: 4.8 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-45078
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary error in stab_xcoff_builtin_type() function in stabs.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability exists due to incorrect patch for #VU13471 (CVE-2018-12699).
Install updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS SP2
binutils-debuginfo: before 2.34-18
binutils-help: before 2.34-18
binutils-debugsource: before 2.34-18
binutils-devel: before 2.34-18
binutils: before 2.34-18
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP2:*:*:*:*:*:*
- cpe:2.3:a:openeuler:binutils-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1479
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU13471
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-12699
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in the finish_stab function, as defined in the stabs.c source code file. A local attacker can execute the objdump command, trigger memory corruption and cause the service to crash.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsopenEuler: 20.03 LTS SP1 - 20.03 LTS SP2
binutils-debuginfo: before 2.34-18
binutils-help: before 2.34-18
binutils-debugsource: before 2.34-18
binutils-devel: before 2.34-18
binutils: before 2.34-18
CPE2.3- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP1:*:*:*:*:*:*
- cpe:2.3:o:openeuler:openeuler:20.03:LTS SP2:*:*:*:*:*:*
- cpe:2.3:a:openeuler:binutils-debuginfo:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-help:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-debugsource:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils-devel:*:*:*:*:*:openeuler:*:*
- cpe:2.3:a:openeuler:binutils:*:*:*:*:*:openeuler:*:*
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1479
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
