Search...

CVE-2005-4808

2005-12-31T00:00:00

ID CVE-2005-4808
Type cve
Reporter NVD
Modified 2017-07-19T21:29:24

Description

Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.

JSON Vulners Source

Initial Source

{"id": "CVE-2005-4808", "bulletinFamily": "NVD", "title": "CVE-2005-4808", "description": "Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.", "published": "2005-12-31T00:00:00", "modified": "2017-07-19T21:29:24", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4808", "reporter": "NVD", "references": ["http://www.ubuntu.com/usn/usn-366-1", "https://exchange.xforce.ibmcloud.com/vulnerabilities/44661", "http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069"], "cvelist": ["CVE-2005-4808"], "type": "cve", "lastseen": "2017-07-20T10:49:00", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:gnu:binutils"], "cvelist": ["CVE-2005-4808"], "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.", "edition": 1, "enchantments": {}, "hash": "318a9366fad602655936e65fe65b180bb438e9392efcc6b9e9f85e37a6ca7e15", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "958d8725909222a1da197895961ac8e7", "key": "cvelist"}, {"hash": "f63f83316fddee330e95f970f009682c", "key": "references"}, {"hash": "fde6cf50425a83abcc41dbfc7460f2b4", "key": "title"}, {"hash": "1a6d5a84a8e4c931135248483072dd48", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "774fce555a963c00be305187dd6dff95", "key": "cvss"}, {"hash": "169814cda33c9ac3171ca8fc2d103430", "key": "href"}, {"hash": "467b72b20688b077f9946f6e53e3429d", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1fe003fc193c7d7a048c3e19c7bb2db3", "key": "description"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "ca3b78b19a064416c8e0ea157911c4cb", "key": "cpe"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4808", "id": "CVE-2005-4808", "lastseen": "2016-09-03T06:17:04", "modified": "2008-09-17T00:41:20", "objectVersion": "1.2", "published": "2005-12-31T00:00:00", "references": ["http://www.ubuntu.com/usn/usn-366-1", "http://xforce.iss.net/xforce/xfdb/44661", "http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069"], "reporter": "NVD", "scanner": [], "title": "CVE-2005-4808", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T06:17:04"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "ca3b78b19a064416c8e0ea157911c4cb"}, {"key": "cvelist", "hash": "958d8725909222a1da197895961ac8e7"}, {"key": "cvss", "hash": "774fce555a963c00be305187dd6dff95"}, {"key": "description", "hash": "1fe003fc193c7d7a048c3e19c7bb2db3"}, {"key": "href", "hash": "169814cda33c9ac3171ca8fc2d103430"}, {"key": "modified", "hash": "c36ecb3144c693cbee30b560db827621"}, {"key": "published", "hash": "467b72b20688b077f9946f6e53e3429d"}, {"key": "references", "hash": "c2e349fda8dc47cdbecf54dd0a930ea5"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "fde6cf50425a83abcc41dbfc7460f2b4"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "bc831d89dfe20b5fb9038bfa10e12f19477c899b473f1e9d09164c33ac07286c", "viewCount": 0, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2017-07-20T10:49:00"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:29482"]}, {"type": "ubuntu", "idList": ["USN-366-1"]}, {"type": "nessus", "idList": ["UBUNTU_USN-366-1.NASL"]}], "modified": "2017-07-20T10:49:00"}, "vulnersScore": 6.8}, "objectVersion": "1.3", "cpe": ["cpe:/a:gnu:binutils"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069\n[CVE-2005-4808](https://vulners.com/cve/CVE-2005-4808)\n", "modified": "2005-07-14T23:09:06", "published": "2005-07-14T23:09:06", "href": "https://vulners.com/osvdb/OSVDB:29482", "id": "OSVDB:29482", "title": "GNU Binutils config/tc-crx.c reset_vars Variable Overflow", "type": "osvdb", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-02-21T01:10:21", "bulletinFamily": "scanner", "description": "A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "modified": "2016-05-27T00:00:00", "id": "UBUNTU_USN-366-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27946", "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 : binutils vulnerability (USN-366-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-366-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27946);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/05/27 14:21:18 $\");\n\n script_cve_id(\"CVE-2005-4808\");\n script_xref(name:\"USN\", value:\"366-1\");\n\n script_name(english:\"Ubuntu 5.10 : binutils vulnerability (USN-366-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in gas (the GNU assembler). By\ntricking an user or automated system (like a compile farm) into\nassembling a specially crafted source file with gcc or gas, this could\nbe exploited to execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2016 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-dev\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-doc\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-multiarch\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-static\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-dev / binutils-doc / binutils-multiarch / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-01-29T20:33:33", "bulletinFamily": "unix", "description": "A buffer overflow was discovered in gas (the GNU assembler). By tricking an user or automated system (like a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user\u2019s privileges.", "modified": "2006-10-18T00:00:00", "published": "2006-10-18T00:00:00", "id": "USN-366-1", "href": "https://usn.ubuntu.com/366-1/", "title": "binutils vulnerability", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}