ID CVE-2005-4808 Type cve Reporter cve@mitre.org Modified 2020-04-01T12:53:00
Description
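Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to cause an unspecified impact via a crafted assembly source (.s) file. "User-assisted" here means the overflow is reached only when a user or an automated build system assembles the attacker-supplied file; the Ubuntu notice quoted below (USN-366-1) describes the impact as possible arbitrary code execution with that user's privileges.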
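This vulnerability is addressed in the following patch:
GNU Binutils, patch 20050714
For Ubuntu 5.10, the Nessus check quoted below compares the installed binutils packages (binutils, binutils-dev, binutils-doc, binutils-multiarch, binutils-static) against version 2.16.1-2ubuntu6.3.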
{"ubuntu": [{"lastseen": "2020-07-09T00:20:58", "bulletinFamily": "unix", "cvelist": ["CVE-2005-4808"], "description": "A buffer overflow was discovered in gas (the GNU assembler). By \ntricking an user or automated system (like a compile farm) into \nassembling a specially crafted source file with gcc or gas, this could \nbe exploited to execute arbitrary code with the user's privileges.", "edition": 6, "modified": "2006-10-18T00:00:00", "published": "2006-10-18T00:00:00", "id": "USN-366-1", "href": "https://ubuntu.com/security/notices/USN-366-1", "title": "binutils vulnerability", "type": "ubuntu", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "cvelist": ["CVE-2005-4808"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069\n[CVE-2005-4808](https://vulners.com/cve/CVE-2005-4808)\n", "modified": "2005-07-14T23:09:06", "published": "2005-07-14T23:09:06", "href": "https://vulners.com/osvdb/OSVDB:29482", "id": "OSVDB:29482", "title": "GNU Binutils config/tc-crx.c reset_vars Variable Overflow", "type": "osvdb", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-20T15:34:42", "description": "A buffer overflow was discovered in gas (the GNU assembler). By\ntricking an user or automated system (like a compile farm) into\nassembling a specially crafted source file with gcc or gas, this could\nbe exploited to execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2007-11-10T00:00:00", "title": "Ubuntu 5.10 : binutils vulnerability (USN-366-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-4808"], "modified": "2007-11-10T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch", "p-cpe:/a:canonical:ubuntu_linux:binutils-doc", "p-cpe:/a:canonical:ubuntu_linux:binutils-static", "cpe:/o:canonical:ubuntu_linux:5.10", "p-cpe:/a:canonical:ubuntu_linux:binutils-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils"], "id": "UBUNTU_USN-366-1.NASL", "href": "https://www.tenable.com/plugins/nessus/27946", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-366-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27946);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-4808\");\n script_xref(name:\"USN\", value:\"366-1\");\n\n script_name(english:\"Ubuntu 5.10 : binutils vulnerability (USN-366-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A buffer overflow was discovered in gas (the GNU assembler). 
By\ntricking an user or automated system (like a compile farm) into\nassembling a specially crafted source file with gcc or gas, this could\nbe exploited to execute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-static\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2006-2019 Canonical, Inc. / NASL script (C) 2007-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! 
get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-dev\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-doc\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-multiarch\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"binutils-static\", pkgver:\"2.16.1-2ubuntu6.3\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-dev / binutils-doc / binutils-multiarch / etc\");\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}]}