[SECURITY] Fedora 33 Update: mingw-binutils-2.34-8.fc33

2021-04-21T21:41:45

Description

Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs.

Affected Package

OS	OS Version	Package Name	Package Version
Fedora	33	mingw-binutils	2.34

{"id": "FEDORA:AFB513090F29", "vendorId": null, "type": "fedora", "bulletinFamily": "unix", "title": "[SECURITY] Fedora 33 Update: mingw-binutils-2.34-8.fc33", "description": "Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs. ", "published": "2021-04-21T21:41:45", "modified": "2021-04-21T21:41:45", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6}, "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RNBNDMJWZOQYCEZXENHBSM6DBZ332UZZ/", "reporter": "Fedora", "references": [], "cvelist": ["CVE-2021-3487"], "immutableFields": [], "lastseen": "2021-07-28T14:46:52", "viewCount": 32, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4364"]}, {"type": "amazon", "idList": ["ALAS2-2021-1702"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C2A733A6A41CFD9A15E4264F63B47838"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632399260", "CLSA-2021:1633442827"]}, {"type": "cve", "idList": ["CVE-2021-3487"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3487"]}, {"type": "fedora", "idList": ["FEDORA:04FEC308D481", "FEDORA:0D9123142B12"]}, {"type": "freebsd", "idList": ["F4C54B81-BCC8-11EB-A7A6-080027F515EA"]}, {"type": "ibm", "idList": ["1319453AF7DA9A0E5B8BE48087B02A8E5A84EA3B6A853343249689E5E6D3071B", "505AA9046670EC3A58A3F57E2932EB46B317BDB83A271F3A6627D59B7D958183", "C1F45166D363983B658722AAEB826E837D7E416749A72DF1B0BAF618923467C3"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1702.NASL", "ALMA_LINUX_ALSA-2021-4364.NASL", "CENTOS8_RHSA-2021-4364.NASL", "EULEROS_SA-2021-1964.NASL", "EULEROS_SA-2021-1974.NASL", "EULEROS_SA-2021-1976.NASL", "EULEROS_SA-2021-2024.NASL", "EULEROS_SA-2021-2045.NASL", "EULEROS_SA-2021-2047.NASL", "EULEROS_SA-2021-2058.NASL", "EULEROS_SA-2021-2122.NASL", "EULEROS_SA-2021-2212.NASL", "EULEROS_SA-2021-2903.NASL", "FREEBSD_PKG_F4C54B81BCC811EBA7A6080027F515EA.NASL", "OPENSUSE-2021-1475.NASL", "OPENSUSE-2021-3616.NASL", "ORACLELINUX_ELSA-2021-4364.NASL", "PHOTONOS_PHSA-2021-1_0-0386_BINUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0341_BINUTILS.NASL", "PHOTONOS_PHSA-2021-3_0-0230_BINUTILS.NASL", "PHOTONOS_PHSA-2021-4_0-0017_BINUTILS.NASL", "REDHAT-RHSA-2021-4364.NASL", "SUSE_SU-2021-3593-1.NASL", "SUSE_SU-2021-3616-1.NASL", "UBUNTU_USN-5124-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4364"]}, {"type": "photon", "idList": ["PHSA-2021-0017", "PHSA-2021-0230", "PHSA-2021-0341", "PHSA-2021-1.0-0386", "PHSA-2021-2.0-0341", "PHSA-2021-3.0-0230", "PHSA-2021-4.0-0017"]}, {"type": "redhat", "idList": ["RHSA-2021:4364", "RHSA-2021:4627", "RHSA-2021:5137"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3487"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1475-1", "OPENSUSE-SU-2021:3616-1"]}, {"type": "ubuntu", "idList": ["USN-5124-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3487"]}], "rev": 4}, "score": {"value": 4.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "almalinux", "idList": ["ALSA-2021:4364"]}, {"type": "amazon", "idList": ["ALAS2-2021-1702"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:C2A733A6A41CFD9A15E4264F63B47838"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632399260"]}, {"type": "cve", "idList": ["CVE-2021-3487"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3487"]}, {"type": "fedora", "idList": ["FEDORA:04FEC308D481", "FEDORA:0D9123142B12"]}, {"type": "freebsd", "idList": ["F4C54B81-BCC8-11EB-A7A6-080027F515EA"]}, {"type": "ibm", "idList": ["1319453AF7DA9A0E5B8BE48087B02A8E5A84EA3B6A853343249689E5E6D3071B", "505AA9046670EC3A58A3F57E2932EB46B317BDB83A271F3A6627D59B7D958183", "C1F45166D363983B658722AAEB826E837D7E416749A72DF1B0BAF618923467C3"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1702.NASL", "OPENSUSE-2021-1475.NASL", "OPENSUSE-2021-3616.NASL", "ORACLELINUX_ELSA-2021-4364.NASL", "PHOTONOS_PHSA-2021-1_0-0386_BINUTILS.NASL", "PHOTONOS_PHSA-2021-2_0-0341_BINUTILS.NASL", "PHOTONOS_PHSA-2021-3_0-0230_BINUTILS.NASL", "PHOTONOS_PHSA-2021-4_0-0017_BINUTILS.NASL", "SUSE_SU-2021-3616-1.NASL", "UBUNTU_USN-5124-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4364"]}, {"type": "photon", "idList": ["PHSA-2021-1.0-0386", "PHSA-2021-2.0-0341", "PHSA-2021-3.0-0230", "PHSA-2021-4.0-0017"]}, {"type": "redhat", "idList": ["RHSA-2021:4364"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3487"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1475-1", "OPENSUSE-SU-2021:3616-1"]}, {"type": "ubuntu", "idList": ["USN-5124-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3487"]}]}, "exploitation": null, "vulnersScore": 4.1}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Fedora", "OSVersion": "33", "arch": "any", "packageVersion": "2.34", "packageFilename": "UNKNOWN", "operator": "lt", "packageName": "mingw-binutils"}]}

{"nessus": [{"lastseen": "2022-02-25T23:56:38", "description": "According to the version of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-07-02T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2021-2122)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2122.NASL", "href": "https://www.tenable.com/plugins/nessus/151306", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151306);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2021-2122)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerability :\n\n - There's a flaw in the BFD library of binutils. An\n attacker who supplies a crafted file to an application\n linked with BFD, and using the DWARF functionality,\n could cause an impact to system availability by way of\n excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2122\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a0b579d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h50\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-25T23:55:11", "description": "Hao Wang reports :\n\nThere's a flaw in the BFD library of binutils in versions before 2.36.\nAn attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-08-19T00:00:00", "type": "nessus", "title": "FreeBSD : binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (f4c54b81-bcc8-11eb-a7a6-080027f515ea)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-08-23T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:binutils", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F4C54B81BCC811EBA7A6080027F515EA.NASL", "href": "https://www.tenable.com/plugins/nessus/152668", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(152668);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/08/23\");\n\n script_cve_id(\"CVE-2021-3487\");\n\n script_name(english:\"FreeBSD : binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (f4c54b81-bcc8-11eb-a7a6-080027f515ea)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Hao Wang reports :\n\nThere's a flaw in the BFD library of binutils in versions before 2.36.\nAn attacker who supplies a crafted file to an application linked with\nBFD, and using the DWARF functionality, could cause an impact to\nsystem availability by way of excessive memory consumption.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://sourceware.org/bugzilla/show_bug.cgi?id=26946\"\n );\n # https://vuxml.freebsd.org/freebsd/f4c54b81-bcc8-11eb-a7a6-080027f515ea.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63bca191\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"binutils<2.33.1_5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-25T23:59:47", "description": "An update of the binutils package has been released.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Binutils PHSA-2021-2.0-0341", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0341_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/149284", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0341. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149284);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2021-3487\");\n\n script_name(english:\"Photon OS 2.0: Binutils PHSA-2021-2.0-0341\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-341.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'binutils-2.32-4.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'binutils-devel-2.32-4.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils');\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-28T12:16:13", "description": "An update of the binutils package has been released.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Binutils PHSA-2021-4.0-0017", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0017_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/149287", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0017. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149287);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2021-3487\");\n\n script_name(english:\"Photon OS 4.0: Binutils PHSA-2021-4.0-0017\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-17.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'binutils-2.35-2.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'binutils-devel-2.35-2.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'binutils-libs-2.35-2.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils');\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-25T23:57:02", "description": "According to the version of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-07-16T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : binutils (EulerOS-SA-2021-2212)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-07-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "p-cpe:/a:huawei:euleros:binutils-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2212.NASL", "href": "https://www.tenable.com/plugins/nessus/151768", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151768);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/21\");\n\n script_cve_id(\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : binutils (EulerOS-SA-2021-2212)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2212\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?99f0995b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h50.eulerosv2r7\",\n \"binutils-devel-2.27-28.base.1.h50.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-25T23:59:46", "description": "An update of the binutils package has been released.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Binutils PHSA-2021-3.0-0230", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0230_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/149295", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0230. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149295);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2021-3487\");\n\n script_name(english:\"Photon OS 3.0: Binutils PHSA-2021-3.0-0230\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-230.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'binutils-2.32-5.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'binutils-devel-2.32-5.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'binutils-libs-2.32-5.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils');\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-02-28T12:16:13", "description": "An update of the binutils package has been released.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-05-05T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Binutils PHSA-2021-1.0-0386", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-05T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0386_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/149290", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0386. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149290);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/05\");\n\n script_cve_id(\"CVE-2021-3487\");\n\n script_name(english:\"Photon OS 1.0: Binutils PHSA-2021-1.0-0386\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-386.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'binutils-2.32-4.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'binutils-devel-2.32-4.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils');\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-06T18:37:04", "description": "According to the versions of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\n - Not found.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-06-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2021-2024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-07-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2021-2024.NASL", "href": "https://www.tenable.com/plugins/nessus/151158", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151158);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/02\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.6.0 : binutils (EulerOS-SA-2021-2024)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\n - Not found.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2024\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?66556024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h23.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-06T18:36:44", "description": "According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2058.NASL", "href": "https://www.tenable.com/plugins/nessus/151241", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151241);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2058)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2058\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aa2df0b2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.34-1.h18.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-06T18:36:25", "description": "According to the versions of the binutils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2047.NASL", "href": "https://www.tenable.com/plugins/nessus/151220", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151220);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2047\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5d9eb1d3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.34-1.h18.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-07T15:43:25", "description": "According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : binutils (EulerOS-SA-2021-1964)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2021-1964.NASL", "href": "https://www.tenable.com/plugins/nessus/150278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150278);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : binutils (EulerOS-SA-2021-1964)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1964\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?275ee4c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.34-1.h18.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-06T18:36:44", "description": "According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-06-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-06-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "p-cpe:/a:huawei:euleros:binutils-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1976.NASL", "href": "https://www.tenable.com/plugins/nessus/151031", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151031);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/30\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1976\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ed5515d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.31.1-13.h23.eulerosv2r8\",\n \"binutils-devel-2.31.1-13.h23.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-06-07T15:42:07", "description": "According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2021-1974)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-06-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1974.NASL", "href": "https://www.tenable.com/plugins/nessus/150249", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150249);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/08\");\n\n script_cve_id(\n \"CVE-2021-20197\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : binutils (EulerOS-SA-2021-1974)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There is an open race window when writing output in the\n following utilities in GNU binutils version 2.35 and\n earlier:ar, objcopy, strip, ranlib. When these\n utilities are run as a privileged user (presumably as\n part of a script updating binaries across different\n users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a\n symlink.(CVE-2021-20197)\n\n - There's a flaw in the BFD library of binutils in\n versions before 2.36. An attacker who supplies a\n crafted file to an application linked with BFD, and\n using the DWARF functionality, could cause an impact to\n system availability by way of excessive memory\n consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1974\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?feee7082\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20197\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.34-1.h18.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-02-25T23:48:27", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5124-1 advisory.\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-10-26T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : GNU binutils vulnerabilities (USN-5124-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16592", "CVE-2021-3487"], "modified": "2021-10-26T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:binutils", "p-cpe:/a:canonical:ubuntu_linux:binutils-aarch64-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-alpha-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabi", "p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabihf", "p-cpe:/a:canonical:ubuntu_linux:binutils-common", "p-cpe:/a:canonical:ubuntu_linux:binutils-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils-for-build", "p-cpe:/a:canonical:ubuntu_linux:binutils-for-host", "p-cpe:/a:canonical:ubuntu_linux:binutils-hppa-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-i686-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-i686-kfreebsd-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-i686-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-m68k-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabin32", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabin32", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsel-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa32r6-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa32r6el-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6-linux-gnuabin32", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6el-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6el-linux-gnuabin32", "p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch", "p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils-riscv64-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-s390x-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-sh4-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-source", "p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-kfreebsd-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnux32", "p-cpe:/a:canonical:ubuntu_linux:libbinutils", "p-cpe:/a:canonical:ubuntu_linux:libctf-nobfd0", "p-cpe:/a:canonical:ubuntu_linux:libctf0"], "id": "UBUNTU_USN-5124-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154413", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5124-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154413);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/26\");\n\n script_cve_id(\"CVE-2020-16592\", \"CVE-2021-3487\");\n script_xref(name:\"USN\", value:\"5124-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : GNU binutils vulnerabilities (USN-5124-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5124-1 advisory.\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5124-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3487\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-aarch64-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-alpha-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabihf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-for-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-for-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-hppa-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-i686-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-i686-kfreebsd-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-i686-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-m68k-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabin32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabin32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsel-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa32r6-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa32r6el-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6-linux-gnuabin32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6el-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsisa64r6el-linux-gnuabin32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-riscv64-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-s390x-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-sh4-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-kfreebsd-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-x86-64-linux-gnux32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libbinutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libctf0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021 Canonical, Inc. / NASL script (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(18\\.04|20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'binutils', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-aarch64-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-alpha-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-arm-linux-gnueabi', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-arm-linux-gnueabihf', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-common', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-dev', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-for-build', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-for-host', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-hppa-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-i686-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-i686-kfreebsd-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-i686-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-m68k-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mips-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mips64-linux-gnuabi64', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mips64-linux-gnuabin32', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mips64el-linux-gnuabi64', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mips64el-linux-gnuabin32', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsel-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa32r6-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa32r6el-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa64r6-linux-gnuabi64', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa64r6-linux-gnuabin32', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa64r6el-linux-gnuabi64', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-mipsisa64r6el-linux-gnuabin32', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-multiarch', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-multiarch-dev', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-riscv64-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-s390x-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-sh4-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-source', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-x86-64-kfreebsd-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-x86-64-linux-gnu', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'binutils-x86-64-linux-gnux32', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '18.04', 'pkgname': 'libbinutils', 'pkgver': '2.30-21ubuntu1~18.04.7'},\n {'osver': '20.04', 'pkgname': 'binutils', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-aarch64-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-alpha-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-arm-linux-gnueabi', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-arm-linux-gnueabihf', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-common', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-dev', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-for-build', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-for-host', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-hppa-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-i686-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-i686-kfreebsd-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-i686-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-m68k-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-multiarch', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-multiarch-dev', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-riscv64-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-s390x-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-sh4-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-source', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-x86-64-kfreebsd-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-x86-64-linux-gnu', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'binutils-x86-64-linux-gnux32', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'libbinutils', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'libctf-nobfd0', 'pkgver': '2.34-6ubuntu1.3'},\n {'osver': '20.04', 'pkgname': 'libctf0', 'pkgver': '2.34-6ubuntu1.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-aarch64-linux-gnu / binutils-alpha-linux-gnu / etc');\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-12-08T23:58:06", "description": "The version of gcc10-binutils installed on the remote host is prior to 2.35-21. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1702 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-09-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : gcc10-binutils (ALAS-2021-1702)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35448", "CVE-2021-3487", "CVE-2021-20294"], "modified": "2021-09-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:gcc10-binutils", "p-cpe:/a:amazon:linux:gcc10-binutils-debuginfo", "p-cpe:/a:amazon:linux:gcc10-binutils-devel", "p-cpe:/a:amazon:linux:gcc10-binutils-gold", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1702.NASL", "href": "https://www.tenable.com/plugins/nessus/153420", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1702.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153420);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/16\");\n\n script_cve_id(\"CVE-2020-35448\", \"CVE-2021-3487\", \"CVE-2021-20294\");\n script_xref(name:\"ALAS\", value:\"2021-1702\");\n\n script_name(english:\"Amazon Linux 2 : gcc10-binutils (ALAS-2021-1702)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of gcc10-binutils installed on the remote host is prior to 2.35-21. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1702 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using\n readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary\n data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and\n availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1702.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update gcc10-binutils' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gcc10-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gcc10-binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gcc10-binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:gcc10-binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'gcc10-binutils-2.35-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-2.35-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-2.35-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-debuginfo-2.35-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-debuginfo-2.35-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-debuginfo-2.35-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-devel-2.35-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-devel-2.35-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-devel-2.35-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-gold-2.35-21.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-gold-2.35-21.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gcc10-binutils-gold-2.35-21.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gcc10-binutils / gcc10-binutils-debuginfo / gcc10-binutils-devel / etc\");\n}", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-15T17:01:42", "description": "According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out- of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. (CVE-2021-45078)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-05-26T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : binutils (EulerOS-SA-2022-1706)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-12699", "CVE-2021-3487", "CVE-2021-45078"], "modified": "2022-05-26T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "p-cpe:/a:huawei:euleros:binutils-devel", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1706.NASL", "href": "https://www.tenable.com/plugins/nessus/161587", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161587);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/26\");\n\n script_cve_id(\"CVE-2021-3487\", \"CVE-2021-45078\");\n\n script_name(english:\"EulerOS 2.0 SP3 : binutils (EulerOS-SA-2022-1706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of\n service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-\n of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. (CVE-2021-45078)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1706\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00e6b131\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"binutils-2.25.1-22.base.h48\",\n \"binutils-devel-2.25.1-22.base.h48\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-06T17:30:47", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4364 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : binutils (ALSA-2021:4364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:alma:linux:binutils", "p-cpe:/a:alma:linux:binutils-devel", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4364.NASL", "href": "https://www.tenable.com/plugins/nessus/157479", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4364.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157479);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-35448\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n script_xref(name:\"ALSA\", value:\"2021:4364\");\n\n script_name(english:\"AlmaLinux 8 : binutils (ALSA-2021:4364)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2021:4364 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4364.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils and / or binutils-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'binutils-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-06T18:42:08", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4364 advisory.\n\n - binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n - binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n - binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\n - binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : binutils (RHSA-2021:4364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:binutils", "p-cpe:/a:redhat:enterprise_linux:binutils-devel"], "id": "REDHAT-RHSA-2021-4364.NASL", "href": "https://www.tenable.com/plugins/nessus/155155", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4364. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155155);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-35448\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4364\");\n\n script_name(english:\"RHEL 8 : binutils (RHSA-2021:4364)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:4364 advisory.\n\n - binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not\n validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n - binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n - binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\n - binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c\n read_section() (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1913743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1937784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1947111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1950478\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils and / or binutils-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 119, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'binutils-2.30-108.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-2.30-108.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-15T20:20:28", "description": "According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in bfd_pef_parse_function_stubs of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.(CVE-2020-35507)\n\n - A flaw was found in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability.(CVE-2020-35496)\n\n - A flaw was found in binutils. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference.\n The greatest threat from this flaw is to application availability.(CVE-2020-35495)\n\n - There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : binutils (EulerOS-SA-2021-2045)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3487"], "modified": "2021-07-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2021-2045.NASL", "href": "https://www.tenable.com/plugins/nessus/151259", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/06\");\n\n script_cve_id(\n \"CVE-2020-35495\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : binutils (EulerOS-SA-2021-2045)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A flaw was found in bfd_pef_parse_function_stubs of\n bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by\n objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application\n availability.(CVE-2020-35507)\n\n - A flaw was found in bfd_pef_scan_start_address() of\n bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by\n objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application\n availability.(CVE-2020-35496)\n\n - A flaw was found in binutils. An attacker who is able\n to submit a crafted input file to be processed by the\n objdump program could cause a null pointer dereference.\n The greatest threat from this flaw is to application\n availability.(CVE-2020-35495)\n\n - There's a flaw in the BFD library of binutils. An\n attacker who supplies a crafted file to an application\n linked with BFD, and using the DWARF functionality,\n could cause an impact to system availability by way of\n excessive memory consumption.(CVE-2021-3487)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2045\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a23c97b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"binutils-2.27-28.base.1.h50.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-06T18:41:24", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4364 advisory.\n\n - binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n - binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n - binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\n - binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : binutils (CESA-2021:4364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:binutils", "p-cpe:/a:centos:centos:binutils-devel"], "id": "CENTOS8_RHSA-2021-4364.NASL", "href": "https://www.tenable.com/plugins/nessus/155198", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4364. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155198);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-35448\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n script_xref(name:\"RHSA\", value:\"2021:4364\");\n\n script_name(english:\"CentOS 8 : binutils (CESA-2021:4364)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:4364 advisory.\n\n - binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not\n validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n - binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n - binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\n - binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c\n read_section() (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4364\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils and / or binutils-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'binutils-2.30-108.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-15T18:19:15", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5341-1 advisory.\n\n - The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count integer overflows, which allows remote attackers to cause a denial of service (excessive memory allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted PE file. (CVE-2017-17122)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out- of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. (CVE-2021-45078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-03-22T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : GNU binutils vulnerabilities (USN-5341-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17122", "CVE-2018-12699", "CVE-2021-3487", "CVE-2021-45078"], "modified": "2022-03-22T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:binutils", "p-cpe:/a:canonical:ubuntu_linux:binutils-aarch64-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-alpha-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabi", "p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabihf", "p-cpe:/a:canonical:ubuntu_linux:binutils-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils-hppa-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-m68k-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabi64", "p-cpe:/a:canonical:ubuntu_linux:binutils-mipsel-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch", "p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils-s390x-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-sh4-linux-gnu", "p-cpe:/a:canonical:ubuntu_linux:binutils-source"], "id": "UBUNTU_USN-5341-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159138", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5341-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159138);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/22\");\n\n script_cve_id(\"CVE-2017-17122\", \"CVE-2021-3487\", \"CVE-2021-45078\");\n script_xref(name:\"USN\", value:\"5341-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : GNU binutils vulnerabilities (USN-5341-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5341-1 advisory.\n\n - The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 does not check for reloc count\n integer overflows, which allows remote attackers to cause a denial of service (excessive memory\n allocation, or heap-based buffer overflow and application crash) or possibly have unspecified other impact\n via a crafted PE file. (CVE-2017-17122)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - stab_xcoff_builtin_type in stabs.c in GNU Binutils through 2.37 allows attackers to cause a denial of\n service (heap-based buffer overflow) or possibly have unspecified other impact, as demonstrated by an out-\n of-bounds write. NOTE: this issue exists because of an incorrect fix for CVE-2018-12699. (CVE-2021-45078)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5341-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-45078\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-aarch64-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-alpha-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-arm-linux-gnueabihf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-hppa-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-m68k-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mips64el-linux-gnuabi64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-mipsel-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-s390x-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-sh4-linux-gnu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-source\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022 Canonical, Inc. / NASL script (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('misc_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'binutils', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-aarch64-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-alpha-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-arm-linux-gnueabi', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-arm-linux-gnueabihf', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-dev', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-hppa-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-m68k-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-mips-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-mips64-linux-gnuabi64', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-mips64el-linux-gnuabi64', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-mipsel-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-multiarch', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-multiarch-dev', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-s390x-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-sh4-linux-gnu', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'},\n {'osver': '16.04', 'pkgname': 'binutils-source', 'pkgver': '2.26.1-1ubuntu1~16.04.8+esm3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-aarch64-linux-gnu / binutils-alpha-linux-gnu / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-06T18:42:25", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4364 advisory.\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : binutils (ELSA-2021-4364)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-06T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:binutils", "p-cpe:/a:oracle:linux:binutils-devel"], "id": "ORACLELINUX_ELSA-2021-4364.NASL", "href": "https://www.tenable.com/plugins/nessus/155427", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4364.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155427);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-35448\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n\n script_name(english:\"Oracle Linux 8 : binutils (ELSA-2021-4364)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4364 advisory.\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4364.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils and / or binutils-devel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:binutils-devel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'binutils-2.30-108.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-2.30-108.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.0.2.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.0.2.el8', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.30-108.0.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-07T11:55:39", "description": "According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be processed by the objdump program could cause a null pointer dereference. The greatest threat from this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35495)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system availability. (CVE-2021-3549)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.1, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : binutils (EulerOS-SA-2021-2903)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3487", "CVE-2021-3549"], "modified": "2022-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:binutils", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2021-2903.NASL", "href": "https://www.tenable.com/plugins/nessus/156515", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156515);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/06\");\n\n script_cve_id(\n \"CVE-2020-35495\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-3549\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : binutils (EulerOS-SA-2021-2903)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - There's a flaw in binutils /bfd/pef.c. An attacker who is able to submit a crafted input file to be\n processed by the objdump program could cause a null pointer dereference. The greatest threat from this\n flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35495)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\n - An out of bounds flaw was found in GNU binutils objdump utility version 2.36. An attacker could use this\n flaw and pass a large section to avr_elf32_load_records_from_section() probably resulting in a crash or in\n some cases memory corruption. The highest threat from this vulnerability is to integrity as well as system\n availability. (CVE-2021-3549)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2903\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67368467\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected binutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3549\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"binutils-2.27-28.base.1.h51.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2022-06-06T18:40:17", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3616-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-11-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2021:3616-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:binutils", "p-cpe:/a:novell:suse_linux:binutils-devel", "p-cpe:/a:novell:suse_linux:binutils-devel-32bit", "p-cpe:/a:novell:suse_linux:binutils-gold", "p-cpe:/a:novell:suse_linux:bpftrace", "p-cpe:/a:novell:suse_linux:bpftrace-tools", "p-cpe:/a:novell:suse_linux:libctf-nobfd0", "p-cpe:/a:novell:suse_linux:libctf0", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3616-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154921", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3616-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154921);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-16590\",\n \"CVE-2020-16591\",\n \"CVE-2020-16592\",\n \"CVE-2020-16593\",\n \"CVE-2020-16598\",\n \"CVE-2020-16599\",\n \"CVE-2020-35448\",\n \"CVE-2020-35493\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3616-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : binutils (SUSE-SU-2021:3616-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3616-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35\n in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to\n an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can\n cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new,\n that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed\n by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to\n application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184794\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009696.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2e9d1869\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bpftrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:bpftrace-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2/3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15.1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15.1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.2'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-basesystem-release-15.3'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.2'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.2'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'bpftrace-0.11.4-3.2.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'bpftrace-0.11.4-3.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'bpftrace-tools-0.11.4-3.2.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'bpftrace-tools-0.11.4-3.2.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-development-tools-release-15.3'},\n {'reference':'binutils-gold-2.37-7.21.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-packagehub-subpackages-release-15.2'},\n {'reference':'binutils-gold-2.37-7.21.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-module-packagehub-subpackages-release-15.3'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15.1'},\n {'reference':'binutils-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'binutils-devel-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'},\n {'reference':'libctf0-2.37-7.21.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-15.1'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-devel-32bit / binutils-gold / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-06T18:40:56", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3616-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 6.3, "vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-11-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : binutils (openSUSE-SU-2021:3616-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:binutils", "p-cpe:/a:novell:opensuse:binutils-devel", "p-cpe:/a:novell:opensuse:binutils-devel-32bit", "p-cpe:/a:novell:opensuse:binutils-gold", "p-cpe:/a:novell:opensuse:bpftrace", "p-cpe:/a:novell:opensuse:bpftrace-tools", "p-cpe:/a:novell:opensuse:cross-aarch64-binutils", "p-cpe:/a:novell:opensuse:cross-arm-binutils", "p-cpe:/a:novell:opensuse:cross-avr-binutils", "p-cpe:/a:novell:opensuse:cross-epiphany-binutils", "p-cpe:/a:novell:opensuse:cross-hppa-binutils", "p-cpe:/a:novell:opensuse:cross-hppa64-binutils", "p-cpe:/a:novell:opensuse:cross-i386-binutils", "p-cpe:/a:novell:opensuse:cross-ia64-binutils", "p-cpe:/a:novell:opensuse:cross-m68k-binutils", "p-cpe:/a:novell:opensuse:cross-mips-binutils", "p-cpe:/a:novell:opensuse:cross-ppc-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64le-binutils", "p-cpe:/a:novell:opensuse:cross-riscv64-binutils", "p-cpe:/a:novell:opensuse:cross-rx-binutils", "p-cpe:/a:novell:opensuse:cross-s390-binutils", "p-cpe:/a:novell:opensuse:cross-s390x-binutils", "p-cpe:/a:novell:opensuse:cross-sparc-binutils", "p-cpe:/a:novell:opensuse:cross-sparc64-binutils", "p-cpe:/a:novell:opensuse:cross-spu-binutils", "p-cpe:/a:novell:opensuse:cross-x86_64-binutils", "p-cpe:/a:novell:opensuse:libctf-nobfd0", "p-cpe:/a:novell:opensuse:libctf0", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3616.NASL", "href": "https://www.tenable.com/plugins/nessus/154898", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3616-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154898);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2020-16590\",\n \"CVE-2020-16591\",\n \"CVE-2020-16592\",\n \"CVE-2020-16593\",\n \"CVE-2020-16598\",\n \"CVE-2020-16599\",\n \"CVE-2020-35448\",\n \"CVE-2020-35493\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : binutils (openSUSE-SU-2021:3616-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3616-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35\n in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to\n an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can\n cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new,\n that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed\n by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to\n application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184794\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4TQ3DLF5YEQDDJUON6WGBX2HVVM7FOLB/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?728c1272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35448\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-20197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bpftrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bpftrace-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-aarch64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-arm-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-avr-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-epiphany-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-i386-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ia64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-m68k-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-mips-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64le-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-riscv64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-rx-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390x-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-spu-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-x86_64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libctf0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'binutils-2.37-7.21.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.37-7.21.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-32bit-2.37-7.21.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-gold-2.37-7.21.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftrace-0.11.4-3.2.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftrace-tools-0.11.4-3.2.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-aarch64-binutils-2.37-7.21.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-aarch64-binutils-2.37-7.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-arm-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-avr-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-epiphany-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-hppa-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-hppa64-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-i386-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ia64-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-m68k-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-mips-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64le-binutils-2.37-7.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64le-binutils-2.37-7.21.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64le-binutils-2.37-7.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-riscv64-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-rx-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-s390-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-s390x-binutils-2.37-7.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-s390x-binutils-2.37-7.21.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-sparc-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-sparc64-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-spu-binutils-2.37-7.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-x86_64-binutils-2.37-7.21.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-x86_64-binutils-2.37-7.21.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libctf-nobfd0-2.37-7.21.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libctf0-2.37-7.21.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-devel-32bit / binutils-gold / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-06T17:34:40", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0934-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2022-03-23T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : binutils (SUSE-SU-2022:0934-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2022-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:binutils", "p-cpe:/a:novell:suse_linux:binutils-devel", "p-cpe:/a:novell:suse_linux:binutils-devel-32bit", "p-cpe:/a:novell:suse_linux:libctf-nobfd0", "p-cpe:/a:novell:suse_linux:libctf0", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0934-1.NASL", "href": "https://www.tenable.com/plugins/nessus/159175", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0934-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159175);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/03/23\");\n\n script_cve_id(\n \"CVE-2020-16590\",\n \"CVE-2020-16591\",\n \"CVE-2020-16592\",\n \"CVE-2020-16593\",\n \"CVE-2020-16598\",\n \"CVE-2020-16599\",\n \"CVE-2020-35448\",\n \"CVE-2020-35493\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\",\n \"CVE-2021-20294\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0934-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : binutils (SUSE-SU-2022:0934-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0934-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35\n in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to\n an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can\n cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new,\n that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed\n by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to\n application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using\n readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary\n data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and\n availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010497.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42815fb8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-ESPOS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLE_HPC-LTSS-release-15'},\n {'reference':'binutils-2.37-6.23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'binutils-devel-2.37-6.23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'binutils-devel-32bit-2.37-6.23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libctf-nobfd0-2.37-6.23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'},\n {'reference':'libctf0-2.37-6.23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-ltss-release-15'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-devel-32bit / libctf-nobfd0 / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-06T18:41:26", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1475-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-11-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : binutils (openSUSE-SU-2021:1475-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2021-11-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:binutils", "p-cpe:/a:novell:opensuse:binutils-devel", "p-cpe:/a:novell:opensuse:binutils-devel-32bit", "p-cpe:/a:novell:opensuse:binutils-gold", "p-cpe:/a:novell:opensuse:bpftrace", "p-cpe:/a:novell:opensuse:bpftrace-tools", "p-cpe:/a:novell:opensuse:cross-aarch64-binutils", "p-cpe:/a:novell:opensuse:cross-arm-binutils", "p-cpe:/a:novell:opensuse:cross-avr-binutils", "p-cpe:/a:novell:opensuse:cross-epiphany-binutils", "p-cpe:/a:novell:opensuse:cross-hppa-binutils", "p-cpe:/a:novell:opensuse:cross-hppa64-binutils", "p-cpe:/a:novell:opensuse:cross-i386-binutils", "p-cpe:/a:novell:opensuse:cross-ia64-binutils", "p-cpe:/a:novell:opensuse:cross-m68k-binutils", "p-cpe:/a:novell:opensuse:cross-mips-binutils", "p-cpe:/a:novell:opensuse:cross-ppc-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64-binutils", "p-cpe:/a:novell:opensuse:cross-ppc64le-binutils", "p-cpe:/a:novell:opensuse:cross-riscv64-binutils", "p-cpe:/a:novell:opensuse:cross-rx-binutils", "p-cpe:/a:novell:opensuse:cross-s390-binutils", "p-cpe:/a:novell:opensuse:cross-s390x-binutils", "p-cpe:/a:novell:opensuse:cross-sparc-binutils", "p-cpe:/a:novell:opensuse:cross-sparc64-binutils", "p-cpe:/a:novell:opensuse:cross-spu-binutils", "p-cpe:/a:novell:opensuse:cross-xtensa-binutils", "p-cpe:/a:novell:opensuse:libctf-nobfd0", "p-cpe:/a:novell:opensuse:libctf0", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1475.NASL", "href": "https://www.tenable.com/plugins/nessus/155362", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1475-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155362);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/16\");\n\n script_cve_id(\n \"CVE-2020-16590\",\n \"CVE-2020-16591\",\n \"CVE-2020-16592\",\n \"CVE-2020-16593\",\n \"CVE-2020-16598\",\n \"CVE-2020-16599\",\n \"CVE-2020-35448\",\n \"CVE-2020-35493\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\",\n \"CVE-2021-20294\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : binutils (openSUSE-SU-2021:1475-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1475-1 advisory.\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35\n in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to\n an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can\n cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new,\n that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed\n by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to\n application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - A flaw was found in binutils readelf 2.35 program. An attacker who is able to convince a victim using\n readelf to read a crafted file could trigger a stack buffer overflow, out-of-bounds write of arbitrary\n data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and\n availability. (CVE-2021-20294)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184794\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6RYWEZ5BKTK6UEP6HAB7B466BPC3SMJ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e65fd1d8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20294\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bpftrace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:bpftrace-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-aarch64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-arm-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-avr-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-epiphany-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-hppa64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-i386-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ia64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-m68k-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-mips-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-ppc64le-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-riscv64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-rx-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-s390x-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-sparc64-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-spu-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cross-xtensa-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libctf0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'binutils-2.37-lp152.4.9.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-2.37-lp152.4.9.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-devel-32bit-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'binutils-gold-2.37-lp152.4.9.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftrace-0.11.4-lp152.2.7.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftrace-tools-0.11.4-lp152.2.7.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-aarch64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-arm-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-avr-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-epiphany-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-hppa-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-hppa64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-i386-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ia64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-m68k-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-mips-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-ppc64le-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-riscv64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-rx-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-s390-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-s390x-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-sparc-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-sparc64-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-spu-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cross-xtensa-binutils-2.37-lp152.4.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libctf-nobfd0-2.37-lp152.4.9.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libctf0-2.37-lp152.4.9.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-devel-32bit / binutils-gold / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-06T18:40:31", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3593-1 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.\n (CVE-2019-12972)\n\n - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. (CVE-2019-14250)\n\n - apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. (CVE-2019-14444)\n\n - find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. (CVE-2019-17450)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. (CVE-2019-17451)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. (CVE-2019-9074)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.\n (CVE-2019-9075)\n\n - An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. (CVE-2019-9077)\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35 in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new, that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-11-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2021:3593-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-12972", "CVE-2019-14250", "CVE-2019-14444", "CVE-2019-17450", "CVE-2019-17451", "CVE-2019-9074", "CVE-2019-9075", "CVE-2019-9077", "CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2021-11-03T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:binutils", "p-cpe:/a:novell:suse_linux:binutils-devel", "p-cpe:/a:novell:suse_linux:binutils-gold", "p-cpe:/a:novell:suse_linux:cross-ppc-binutils", "p-cpe:/a:novell:suse_linux:cross-spu-binutils", "p-cpe:/a:novell:suse_linux:libctf-nobfd0", "p-cpe:/a:novell:suse_linux:libctf0", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3593-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154861", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3593-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154861);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/03\");\n\n script_cve_id(\n \"CVE-2019-9074\",\n \"CVE-2019-9075\",\n \"CVE-2019-9077\",\n \"CVE-2019-12972\",\n \"CVE-2019-14250\",\n \"CVE-2019-14444\",\n \"CVE-2019-17450\",\n \"CVE-2019-17451\",\n \"CVE-2020-16590\",\n \"CVE-2020-16591\",\n \"CVE-2020-16592\",\n \"CVE-2020-16593\",\n \"CVE-2020-16598\",\n \"CVE-2020-16599\",\n \"CVE-2020-35448\",\n \"CVE-2020-35493\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\",\n \"CVE-2021-3487\",\n \"CVE-2021-20197\",\n \"CVE-2021-20284\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3593-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2021:3593-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3593-1 advisory.\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in\n elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\\0' character.\n (CVE-2019-12972)\n\n - An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in\n simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant\n heap-based buffer overflow. (CVE-2019-14250)\n\n - apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to\n trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as\n demonstrated by readelf. (CVE-2019-14444)\n\n - find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as\n distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion\n and application crash) via a crafted ELF file. (CVE-2019-17450)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c,\n as demonstrated by nm. (CVE-2019-17451)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from\n pex64_get_runtime_function in pei-x86_64.c. (CVE-2019-9074)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c.\n (CVE-2019-9075)\n\n - An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific\n in readelf.c via a malformed MIPS option section. (CVE-2019-9077)\n\n - A double free vulnerability exists in the Binary File Descriptor (BFD) (aka libbrd) in GNU Binutils 2.35\n in the process_symbol_table, as demonstrated in readelf, via a crafted file. (CVE-2020-16590)\n\n - A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to\n an invalid read in process_symbol_table, as demonstrated in readeif. (CVE-2020-16591)\n\n - A use after free issue exists in the Binary File Descriptor (BFD) library (aka libbfd) in GNU Binutils\n 2.34 in bfd_hash_lookup, as demonstrated in nm-new, that can cause a denial of service via a crafted file.\n (CVE-2020-16592)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in scan_unit_for_symbols, as demonstrated in addr2line, that can\n cause a denial of service via a crafted file. (CVE-2020-16593)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by\n its CNA. Further investigation showed that it was not a security issue. Notes: none. (CVE-2020-16598)\n\n - A Null Pointer Dereference vulnerability exists in the Binary File Descriptor (BFD) library (aka libbfd),\n as distributed in GNU Binutils 2.35, in _bfd_elf_get_symbol_version_string, as demonstrated in nm-new,\n that can cause a denial of service via a crafted file. (CVE-2020-16599)\n\n - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU\n Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because\n sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\n - A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed\n by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to\n application availability. This flaw affects binutils versions prior to 2.34. (CVE-2020-35493)\n\n - There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutils which could allow an attacker who\n is able to submit a crafted file to be processed by objdump to cause a NULL pointer dereference. The\n greatest threat of this flaw is to application availability. This flaw affects binutils versions prior to\n 2.34. (CVE-2020-35496)\n\n - There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutils in versions prior to 2.34 which\n could allow an attacker who is able to submit a crafted file to be processed by objdump to cause a NULL\n pointer dereference. The greatest threat of this flaw is to application availability. (CVE-2020-35507)\n\n - There is an open race window when writing output in the following utilities in GNU binutils version 2.35\n and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as\n part of a script updating binaries across different users), an unprivileged user can trick these utilities\n into getting ownership of arbitrary files through a symlink. (CVE-2021-20197)\n\n - A flaw was found in GNU Binutils 2.35.1, where there is a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c due to the number of symbols not calculated correctly. The\n highest threat from this vulnerability is to system availability. (CVE-2021-20284)\n\n - There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted\n file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system\n availability by way of excessive memory consumption. (CVE-2021-3487)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1126826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1126829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1126831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1140126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1142649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1143609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153768\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1160590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1163333\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1163744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179899\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179903\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184794\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009687.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c459db79\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-12972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14250\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-14444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-17451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-9077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-16599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35496\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3487\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-9077\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:binutils-gold\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cross-ppc-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cross-spu-binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf-nobfd0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libctf0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3|4|5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3/4/5\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'binutils-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.3'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.4'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'SLES_SAP-release-12.5'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'binutils-gold-2.37-9.39.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'binutils-gold-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'cross-ppc-binutils-2.37-9.39.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'cross-ppc-binutils-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'cross-spu-binutils-2.37-9.39.1', 'sp':'5', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'cross-spu-binutils-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sle-sdk-release-12.5'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.2'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.3'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.4'},\n {'reference':'binutils-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'binutils-devel-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libctf-nobfd0-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'},\n {'reference':'libctf0-2.37-9.39.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'sles-release-12.5'}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n if (!rpm_exists(release:release, rpm:exists_check)) continue;\n if ('ltss' >< tolower(exists_check)) ltss_caveat_required = TRUE;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel / binutils-gold / cross-ppc-binutils / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nHao Wang reports:\n\n\n\t There's a flaw in the BFD library of binutils in versions before 2.36.\n\t An attacker who supplies a crafted file to an application linked with BFD,\n\t and using the DWARF functionality, could cause an impact to system\n\t availability by way of excessive memory consumption.\n\t \n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-11-25T00:00:00", "type": "freebsd", "title": "binutils -- excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section()", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2020-11-25T00:00:00", "id": "F4C54B81-BCC8-11EB-A7A6-080027F515EA", "href": "https://vuxml.freebsd.org/freebsd/f4c54b81-bcc8-11eb-a7a6-080027f515ea.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "photon": [{"lastseen": "2021-11-03T08:46:52", "description": "An update of {'binutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0386", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-1.0-0386", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-386", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T20:56:46", "description": "An update of {'binutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0341", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-2.0-0341", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-341", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-12T18:43:22", "description": "Updates of ['binutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0230", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-0230", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-230", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-11-03T11:55:54", "description": "An update of {'binutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-3.0-0230", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-3.0-0230", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-230", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-05-12T18:57:01", "description": "Updates of ['rust', 'binutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2021-0017", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28876", "CVE-2021-28878", "CVE-2021-28879", "CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-0017", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T17:55:55", "description": "An update of {'rust', 'binutils'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-04T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-4.0-0017", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28876", "CVE-2021-28878", "CVE-2021-28879", "CVE-2021-3487"], "modified": "2021-05-04T00:00:00", "id": "PHSA-2021-4.0-0017", "href": "https://github.com/vmware/photon/wiki/Security-Updates-4.0-17", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-12T18:16:38", "description": "Updates of ['linux', 'binutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-04-29T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0341", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2021-22555", "CVE-2021-3487"], "modified": "2021-04-29T00:00:00", "id": "PHSA-2021-0341", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-341", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-06-08T11:11:58", "description": "There's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-08T20:52:11", "type": "redhatcve", "title": "CVE-2021-3487", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2022-06-08T08:15:07", "id": "RH:CVE-2021-3487", "href": "https://access.redhat.com/security/cve/cve-2021-3487", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-20T15:01:47", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: mingw-binutils-2.32-10.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-04-20T15:01:47", "id": "FEDORA:04FEC308D481", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q6V2LF5AVOUTHPYY2O5TRNAIXVMXFDGL/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-07-28T14:46:52", "description": "Cross compiled binutils (utilities like 'strip', 'as', 'ld') which understand Windows executables and DLLs. ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-24T20:24:37", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: mingw-binutils-2.34-8.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-04-24T20:24:37", "id": "FEDORA:0D9123142B12", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3Z3KSJY3CLAAFFT7FNFCJOMDITPQGN56/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T18:47:07", "description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-15T14:15:00", "type": "cve", "title": "CVE-2021-3487", "cwe": ["CWE-20", "CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-05-04T12:55:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2021-3487", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3487", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]}], "cloudlinux": [{"lastseen": "2022-01-13T17:27:09", "description": "- CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section().", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-05T14:07:07", "type": "cloudlinux", "title": "Fix of CVE: CVE-2021-3487", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-10-05T14:07:07", "id": "CLSA-2021:1633442827", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-09-23T14:36:23", "description": "- CVE-2021-3487: excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section().", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-23T12:14:20", "type": "cloudlinux", "title": "Fix of CVE: CVE-2021-3487", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-09-23T12:14:20", "id": "CLSA-2021:1632399260", "href": "https://repo.cloudlinux.com/centos6-els/updateinfo.xml", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:21:54", "description": "There's a flaw in the BFD library of binutils in versions before 2.36. An\nattacker who supplies a crafted file to an application linked with BFD, and\nusing the DWARF functionality, could cause an impact to system availability\nby way of excessive memory consumption.\n\n#### Bugs\n\n * <https://sourceware.org/bugzilla/show_bug.cgi?id=26946>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-04-15T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3487", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-04-15T00:00:00", "id": "UB:CVE-2021-3487", "href": "https://ubuntu.com/security/CVE-2021-3487", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2022-06-28T01:57:39", "description": "There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-04-15T14:15:00", "type": "debiancve", "title": "CVE-2021-3487", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487"], "modified": "2021-04-15T14:15:00", "id": "DEBIANCVE:CVE-2021-3487", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3487", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2021-10-28T13:42:02", "description": "## Severity\n\nLow\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nSeveral security issues were fixed in GNU binutils.\n\nCVEs contained in this USN include: CVE-2020-16592, CVE-2021-3487.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions\n * All other stemcells not listed.\n * cflinuxfs3 \n * All versions prior to 0.263.0\n * CF Deployment \n * All versions\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * There are no fixed versions of this product\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n * cflinuxfs3 \n * Upgrade all versions to 0.263.0 or greater\n * CF Deployment \n * There are no fixed versions of this product\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5124-1>)\n * [CVE-2020-16592](<https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-16592.html>)\n * [CVE-2021-3487](<https://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3487.html>)\n\n## History\n\n2021-10-28: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "cloudfoundry", "title": "USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16592", "CVE-2021-3487"], "modified": "2021-10-28T00:00:00", "id": "CFOUNDRY:C2A733A6A41CFD9A15E4264F63B47838", "href": "https://www.cloudfoundry.org/blog/usn-5124-1-gnu-binutils-vulnerabilities/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-22T07:40:45", "description": "## Severity\n\nLow\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nIt was discovered that GNU binutils incorrectly handled checks for memory allocation when parsing relocs in a corrupt file. An attacker could possibly use this issue to cause a denial of service. (CVE-2017-17122) It was discovered that GNU binutils incorrectly handled certain corrupt DWARF debug sections. An attacker could possibly use this issue to cause GNU binutils to consume memory, resulting in a denial of service. (CVE-2021-3487) It was discovered that GNU binutils incorrectly performed bounds checking operations when parsing stabs debugging information. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2021-45078)\n\nCVEs contained in this USN include: CVE-2017-17122, CVE-2021-3487, CVE-2021-45078.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * CF Deployment \n * All versions with Xenial Stemcells prior to 621.224\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * CF Deployment \n * For all versions, upgrade Xenial Stemcells to 621.224 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5341-1>)\n * [CVE-2017-17122](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122>)\n * [CVE-2021-3487](<https://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3487.html>)\n * [CVE-2021-45078](<https://ubuntu.com/security/CVE-2021-45078>)\n\n## History\n\n2022-04-21: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-04-21T00:00:00", "type": "cloudfoundry", "title": "USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17122", "CVE-2021-3487", "CVE-2021-45078"], "modified": "2022-04-21T00:00:00", "id": "CFOUNDRY:C69B2A981297F86160FB9DC0663EBA6C", "href": "https://www.cloudfoundry.org/blog/usn-5341-1-gnu-binutils-vulnerabilities/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "mageia": [{"lastseen": "2022-04-18T11:19:35", "description": "This update provides binutils 2.36.1 and fixes at least the following security issues: There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption (CVE-2021-3487). There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink (CVE-2021-20197). For more info about the 2.36 update, see the sourceware link. \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-07-12T20:26:21", "type": "mageia", "title": "Updated binutils packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20197", "CVE-2021-3487"], "modified": "2021-07-12T20:26:21", "id": "MGASA-2021-0341", "href": "https://advisories.mageia.org/MGASA-2021-0341.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T10:36:15", "description": "It was discovered that GNU binutils incorrectly handled certain hash \nlookups. An attacker could use this issue to cause GNU binutils to crash, \nresulting in a denial of service, or possibly execute arbitrary code. \n(CVE-2020-16592)\n\nIt was discovered that GNU binutils incorrectly handled certain corrupt \nDWARF debug sections. An attacker could possibly use this issue to cause \nGNU binutils to consume memory, resulting in a denial of service. \n(CVE-2021-3487)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-10-25T00:00:00", "type": "ubuntu", "title": "GNU binutils vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3487", "CVE-2020-16592"], "modified": "2021-10-25T00:00:00", "id": "USN-5124-1", "href": "https://ubuntu.com/security/notices/USN-5124-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-03-22T19:29:29", "description": "It was discovered that GNU binutils incorrectly handled checks for memory \nallocation when parsing relocs in a corrupt file. An attacker could possibly \nuse this issue to cause a denial of service. (CVE-2017-17122)\n\nIt was discovered that GNU binutils incorrectly handled certain corrupt DWARF \ndebug sections. An attacker could possibly use this issue to cause GNU \nbinutils to consume memory, resulting in a denial of service. (CVE-2021-3487)\n\nIt was discovered that GNU binutils incorrectly performed bounds checking \noperations when parsing stabs debugging information. An attacker could \npossibly use this issue to cause a denial of service or execute arbitrary \ncode. (CVE-2021-45078)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 5.9}, "published": "2022-03-22T00:00:00", "type": "ubuntu", "title": "GNU binutils vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-17122", "CVE-2021-3487", "CVE-2021-45078"], "modified": "2022-03-22T00:00:00", "id": "USN-5341-1", "href": "https://ubuntu.com/security/notices/USN-5341-1", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "amazon": [{"lastseen": "2021-09-15T19:45:10", "description": "**Issue Overview:**\n\nAn issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. (CVE-2020-35448)\n\nA flaw was found in binutils' readelf program. An attacker who is able to convince a victim using readelf to read a crafted file, could trigger a stack buffer overflow, out-of-bounds write of arbitrary data supplied by the attacker. The highest impact of this flaw is to confidentiality, integrity, and availability. (CVE-2021-20294)\n\nThere's a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption. (CVE-2021-3487)\n\n \n**Affected Packages:** \n\n\ngcc10-binutils\n\n \n**Issue Correction:** \nRun _yum update gcc10-binutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n \u00a0\u00a0\u00a0 gcc10-binutils-2.35-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 gcc10-binutils-devel-2.35-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 gcc10-binutils-gold-2.35-21.amzn2.0.1.aarch64 \n \u00a0\u00a0\u00a0 gcc10-binutils-debuginfo-2.35-21.amzn2.0.1.aarch64 \n \n i686: \n \u00a0\u00a0\u00a0 gcc10-binutils-2.35-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 gcc10-binutils-devel-2.35-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 gcc10-binutils-gold-2.35-21.amzn2.0.1.i686 \n \u00a0\u00a0\u00a0 gcc10-binutils-debuginfo-2.35-21.amzn2.0.1.i686 \n \n src: \n \u00a0\u00a0\u00a0 gcc10-binutils-2.35-21.amzn2.0.1.src \n \n x86_64: \n \u00a0\u00a0\u00a0 gcc10-binutils-2.35-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 gcc10-binutils-devel-2.35-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 gcc10-binutils-gold-2.35-21.amzn2.0.1.x86_64 \n \u00a0\u00a0\u00a0 gcc10-binutils-debuginfo-2.35-21.amzn2.0.1.x86_64 \n \n \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-08T23:35:00", "type": "amazon", "title": "Medium: gcc10-binutils", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35448", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2021-09-15T17:42:00", "id": "ALAS2-2021-1702", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1702.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "almalinux": [{"lastseen": "2022-05-12T14:58:15", "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)\n\n* binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n* binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n* binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-11-09T09:11:20", "type": "almalinux", "title": "Moderate: binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2021-11-12T10:20:56", "id": "ALSA-2021:4364", "href": "https://errata.almalinux.org/8/ALSA-2021-4364.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-11-16T22:30:38", "description": "[2.30-108.0.2]\n- Forward-port the following update:\n [2.30-93.0.4\n - Backport fix for fencepost bug in CTF pptrtab usage causing coredumps\n - Backport test result fixes for new GCC-based CTF generation\n [Orabug: 33344570]\n - Reviewed-by: David Faust \n- Reviewed-by: Jose E. Marchesi \n[2.30-108.0.1]\n- Forward-port Oracle patches from 2.30-93.0.3 to 2.30-108.0.1\n- Reviewed-by: Elena Zannoni ", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-16T00:00:00", "type": "oraclelinux", "title": "binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2021-11-16T00:00:00", "id": "ELSA-2021-4364", "href": "http://linux.oracle.com/errata/ELSA-2021-4364.html", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2021-11-22T18:39:33", "description": "The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.\n\nSecurity Fix(es):\n\n* binutils: Excessive debug section size can cause excessive memory consumption in bfd's dwarf2.c read_section() (CVE-2021-3487)\n\n* binutils: Race window allows users to own arbitrary files (CVE-2021-20197)\n\n* binutils: Heap-based buffer overflow in bfd_getl_signed_32() in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section() in elf.c (CVE-2020-35448)\n\n* binutils: Heap-based buffer overflow in _bfd_elf_slurp_secondary_reloc_section in elf.c (CVE-2021-20284)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-09T09:11:20", "type": "redhat", "title": "(RHSA-2021:4364) Moderate: binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2021-11-09T14:09:31", "id": "RHSA-2021:4364", "href": "https://access.redhat.com/errata/RHSA-2021:4364", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-12-16T20:44:43", "description": "Openshift Logging Bug Fix Release (5.0.10)\n\nSecurity Fix(es):\n\n* log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value (CVE-2021-44228)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-12-14T21:31:08", "type": "redhat", "title": "(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3712", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44228", "CVE-2021-45046"], "modified": "2021-12-15T13:05:11", "id": "RHSA-2021:5137", "href": "https://access.redhat.com/errata/RHSA-2021:5137", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-22T18:39:11", "description": "Openshift Logging Bug Fix Release (5.3.0)\n\nSecurity Fix(es):\n\n* golang: x/net/html: infinite loop in ParseFragment (CVE-2021-33194)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-15T12:52:28", "type": "redhat", "title": "(RHSA-2021:4627) Moderate: Openshift Logging 5.3.0 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20673", "CVE-2018-25009", "CVE-2018-25010", "CVE-2018-25012", "CVE-2018-25013", "CVE-2018-25014", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14615", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0427", "CVE-2020-10001", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-17541", "CVE-2020-24370", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-35448", "CVE-2020-35521", "CVE-2020-35522", "CVE-2020-35523", "CVE-2020-35524", "CVE-2020-36158", "CVE-2020-36312", "CVE-2020-36330", "CVE-2020-36331", "CVE-2020-36332", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20197", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20239", "CVE-2021-20266", "CVE-2021-20284", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23133", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31535", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-3200", "CVE-2021-33033", "CVE-2021-33194", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3481", "CVE-2021-3487", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-3600", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732", "CVE-2021-3778", "CVE-2021-3796", "CVE-2021-3800", "CVE-2021-42574"], "modified": "2021-11-15T12:52:54", "id": "RHSA-2021:4627", "href": "https://access.redhat.com/errata/RHSA-2021:4627", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T22:09:54", "description": "## Summary\n\nGNU binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs by upgrading GNU binutils to latest version 2.36.1\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-20284](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20284>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a flaw in the read_section() function in dwarf2.c in the BFD library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause excessive memory consumption. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-20294](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the readelf program. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201042](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201042>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35448](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s) \u200b| Version(s) \n---|--- \nIBM Netezza Analytics| 3.3.8 and lower \n \n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/Fix \n---|---|--- \nIBM Netezza Analytics| 3.3.9| [Link to Fix Central](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FNetezza+Applications&release=ANALYTICS_3.3&platform=All&function=fixId&fixids=3.3.9.0-IM-Netezza-ANALYTICS-fp6794> \"Link to Fix Central\" ) \n \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Acknowledgement\n\n## Change History\n\n19 May 2021: Original Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU053\",\"label\":\"Cloud & Data Platform\"},\"Product\":{\"code\":\"SSULQD\",\"label\":\"IBM PureData System\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Version\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-05-19T08:06:38", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35448", "CVE-2021-20284", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2021-05-19T08:06:38", "id": "C1F45166D363983B658722AAEB826E837D7E416749A72DF1B0BAF618923467C3", "href": "https://www.ibm.com/support/pages/node/6454439", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:12:08", "description": "## Summary\n\nGNU Binutils is used by IBM Netezza Platform Software. IBM Netezza Platform Software has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-20294](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the readelf program. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/201042](<https://exchange.xforce.ibmcloud.com/vulnerabilities/201042>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a flaw in the read_section() function in dwarf2.c in the BFD library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause excessive memory consumption. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35448](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16590>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a double free vulnerability in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192876>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-20197](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197>) \n** DESCRIPTION: **GNU binutils could allow a local authenticated attacker to bypass security restrictions, caused by an open race window flaw when writing output in the ar, objcopy, strip, ranlib utilities. By using a specially-crafted symlink, an attacker could exploit this vulnerability to allow the utilities to get the ownership of arbitrary files. \nCVSS Base score: 4.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2021-20284](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20284>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in the _bfd_elf_slurp_secondary_reloc_section function in elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198864](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198864>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Platform Software | 4.6.8-4.6.12.P5 \nIBM Netezza Platform Software| 5.0.10-5.2.2.P5 \nIBM Netezza Platform Software| 6.0.3-6.1.P2 \nIBM Netezza Platform Software| 7.0-7.2.1.10.P2 \n \n\n\n## Remediation/Fixes\n\n_Product_| _VRMF_| _Remediation/First Fix_ \n---|---|--- \n_IBM Netezza Platform Software_| _7.2.1.11_| [Fix Central Link](<https://www.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FInformation+Management%2FNetezza+NPS+Software+and+Clients&release=NPS_7.2.1&platform=All&function=fixId&fixids=7.2.1.11-IM-Netezza-NPS-fp7885> \"Fix Central Link\" ) \n \n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n06 Aug 2021: Original Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU004\",\"label\":\"Hybrid Cloud\"},\"Product\":{\"code\":\"SSULQD\",\"label\":\"PureData System for Analytics\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\"}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-06T10:58:00", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16590", "CVE-2020-35448", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2021-08-06T10:58:00", "id": "1319453AF7DA9A0E5B8BE48087B02A8E5A84EA3B6A853343249689E5E6D3071B", "href": "https://www.ibm.com/support/pages/node/6479365", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-06-28T22:12:22", "description": "## Summary\n\nGNU Binutils is used by IBM Netezza Platform Server. IBM Netezza Platform Server has addressed the applicable CVEs.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2018-18607](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18607>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elf_link_input_bfd in elflink.c in the in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151863](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151863>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18606](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18606>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the merge_strings function in merge.c in the in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151865](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151865>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18605](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18605>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the function sec_merge_hash_lookup in merge.c in the in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151866](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151866>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18309](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18309>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an invalid memory address dereference in the read_reloc function in reloc.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151272](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151272>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2018-20712](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read flaw in the d_expression_1 function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155560](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155560>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-1000876](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000876>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc. By using a specially-crafted file, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154802](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154802>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2018-19931](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the bfd_elf32_swap_phdr_in function in elfcode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154006](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154006>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-19932](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the IS_CONTAINED_BY_LMA function in elf.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-17794](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17794>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the cplus-dem.c in GNU libiberty. By using a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150692](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150692>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-17360](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17360>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in bfd_getl32 in libbfd.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150339](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150339>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-17359](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17359>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access in bfd_zalloc in opncls.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150340](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150340>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-17358](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17358>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access in _bfd_stab_section_find_nearest_line in syms.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150341](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150341>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20651](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20651>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the elf_link_add_object_symbols function in elflink.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155037](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155037>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20623](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20623>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155055](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155055>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-14250](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14250>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in simple_object_elf_match in simple-object-elf.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164245](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164245>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-14444](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14444>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the byte_put_little_endian function in elfcomm.cc in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/164817](<https://exchange.xforce.ibmcloud.com/vulnerabilities/164817>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9073](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9073>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially-crafted file, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157928](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157928>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9074](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9074>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially-crafted file, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157927](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157927>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9075](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9075>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c in the Binary File Descriptor (BFD) library (aka libbfd). By using a specially-crafted file, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157926](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157926>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18700](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18700>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a stack consumption in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152134](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152134>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-17985](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17985>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a stack-based buffer overflow in the cplus_demangle_type function. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a stack consumption. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/150934](<https://exchange.xforce.ibmcloud.com/vulnerabilities/150934>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18484](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18484>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a n error in the C++ demangling functions in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to consume all available stack resources. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/151736](<https://exchange.xforce.ibmcloud.com/vulnerabilities/151736>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-18701](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18701>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a stack consumption in cp-demangle.c in GNU libiberty. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/152133](<https://exchange.xforce.ibmcloud.com/vulnerabilities/152133>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-12972](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12972>) \n** DESCRIPTION: **GNU binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read in the bfd_doprnt in bfd.c of libbfd. By using a specially-crafted file, a local attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/166630](<https://exchange.xforce.ibmcloud.com/vulnerabilities/166630>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20671](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20671>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the load_specific_debug_section function in objdump.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155167](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155167>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-20673](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20673>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the demangle_template function in cplus-dem.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155168>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2018-20002](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a memory leak in the _bfd_generic_read_minisymbols function in syms.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/154100](<https://exchange.xforce.ibmcloud.com/vulnerabilities/154100>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17451](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17451>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in _bfd_dwarf2_find_nearest_line in dwarf2.c in inary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169072](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169072>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-17450](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17450>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an infinite recursion in find_abstract_instance in dwarf2.c in inary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/169075](<https://exchange.xforce.ibmcloud.com/vulnerabilities/169075>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-9070](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9070>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by a buffer over-read flaw in the d_expression_1 function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157912](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157912>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-9071](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9071>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a stack-based buffer overflow, caused by a stack consumption flaw in the d_count_templates_scopes function in cp-demangle.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/157913](<https://exchange.xforce.ibmcloud.com/vulnerabilities/157913>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-35448](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/193875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/193875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-16599](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16599>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in _bfd_elf_get_symbol_version_string (nm-new) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192886](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192886>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16592](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16592>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a use-after-free vulnerability in bfd_hash_lookup (nm-new) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192896](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192896>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16590](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16590>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a double free vulnerability in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192876](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192876>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16593](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16593>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference vulnerability in scan_unit_for_symbols (addr2line) in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192895](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192895>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16591](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16591>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by an invalid read in process_symbol_table in Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/192875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/192875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-3487](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3487>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by a flaw in the read_section() function in dwarf2.c in the BFD library. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause excessive memory consumption. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35495](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35495>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the bfd_pef_parse_symbols function in bfd/pef.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194213](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194213>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35496](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35496>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the bfd_pef_scan_start_address() of bfd/pef.c. in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194210](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194210>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35493](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35493>) \n** DESCRIPTION: **GNU Binutils is vulnerable a heap-based buffer overflow, caused by improper bounds checking in bfd_pef_parse_function_stubs in bfd/pef.c. By persuading a victim to open a specially crafted file, a remote attacker could overflow a buffer to cause an out-of-bounds read, leading to a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194222](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194222>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35507](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35507>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the bfd_pef_parse_function_stubs of bfd/pef.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194206](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194206>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-35494](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35494>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a denial of service, caused by the usage of uninitialized memory in /opcodes/tic4x-dis.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194221](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194221>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Netezza Performance Server| IBM Netezza Performance Server 11.2.0.0 \n \n \n\n\n \n\n\n## Remediation/Fixes\n\nProduct| VRMF| Remediation/Fix \n---|---|--- \nIBM Netezza Performance Server| 11.2.1.0| [Fix Central Link](<https://www-945.ibm.com/support/fixcentral/swg/selectFixes?product=ibm%2FWebSphere%2FIBM+Cloud+Private+for+Data+System&release=NPS_11.2&platform=All&function=fixId&fixids=11.2.1.0-WS-ICPDS-NPS-fp5218> \"Fix Central Link\" ) \n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n21 Apr 2021: Original Publication\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n## Document Location\n\nWorldwide\n\n[{\"Business Unit\":{\"code\":\"BU059\",\"label\":\"IBM Software w\\/o TPS\"},\"Product\":{\"code\":\"SSTNZ3\",\"label\":\"IBM Netezza for Cloud Pak for Data\"},\"Component\":\"\",\"Platform\":[{\"code\":\"PF025\",\"label\":\"Platform Independent\"}],\"Version\":\"All Versions\",\"Edition\":\"\",\"Line of Business\":{\"code\":\"LOB10\",\"label\":\"Data and AI\"}}]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-31T03:16:48", "type": "ibm", "title": "Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Performance Server", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000876", "CVE-2018-17358", "CVE-2018-17359", "CVE-2018-17360", "CVE-2018-17794", "CVE-2018-17985", "CVE-2018-18309", "CVE-2018-18484", "CVE-2018-18605", "CVE-2018-18606", "CVE-2018-18607", "CVE-2018-18700", "CVE-2018-18701", "CVE-2018-19931", "CVE-2018-19932", "CVE-2018-20002", "CVE-2018-20623", "CVE-2018-20651", "CVE-2018-20671", "CVE-2018-20673", "CVE-2018-20712", "CVE-2019-12972", "CVE-2019-14250", "CVE-2019-14444", "CVE-2019-17450", "CVE-2019-17451", "CVE-2019-9070", "CVE-2019-9071", "CVE-2019-9073", "CVE-2019-9074", "CVE-2019-9075", "CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35494", "CVE-2020-35495", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-3487"], "modified": "2022-05-31T03:16:48", "id": "505AA9046670EC3A58A3F57E2932EB46B317BDB83A271F3A6627D59B7D958183", "href": "https://www.ibm.com/support/pages/node/6445777", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "suse": [{"lastseen": "2022-06-14T11:58:52", "description": "An update that solves 13 vulnerabilities, contains four\n features and has one errata is now available.\n\nDescription:\n\n This update for binutils fixes the following issues:\n\n Update to binutils 2.37:\n\n * The GNU Binutils sources now requires a C99 compiler and library to\n build.\n * Support for Realm Management Extension (RME) for AArch64 has been added.\n * A new linker option '-z report-relative-reloc' for x86 ELF targets has\n been added to report dynamic relative relocations.\n * A new linker option '-z start-stop-gc' has been added to disable special\n treatment of __start_*/__stop_* references when\n --gc-sections.\n * A new linker options '-Bno-symbolic' has been added which will cancel\n the '-Bsymbolic' and '-Bsymbolic-functions' options.\n * The readelf tool has a new command line option which can be used to\n specify how the numeric values of symbols are reported.\n --sym-base=0|8|10|16 tells readelf to display the values in base 8, base\n 10 or base 16. A sym base of 0 represents the default action\n of displaying values under 10000 in base 10 and values above that in\n base 16.\n * A new format has been added to the nm program. Specifying\n '--format=just-symbols' (or just using -j) will tell the program to\n only display symbol names and nothing else.\n * A new command line option '--keep-section-symbols' has been added to\n objcopy and strip. This stops the removal of unused section symbols\n when the file is copied. Removing these symbols saves space, but\n sometimes they are needed by other tools.\n * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options\n supported by objcopy now make undefined symbols weak on targets that\n support weak symbols.\n * Readelf and objdump can now display and use the contents of .debug_sup\n sections.\n * Readelf and objdump will now follow links to separate debug info files\n by default. This behaviour can be stopped via the use of the new '-wN'\n or '--debug-dump=no-follow-links' options for readelf and the '-WN' or\n '--dwarf=no-follow-links' options for objdump. Also the old behaviour\n can be restored by the use of the '--enable-follow-debug-links=no'\n configure time option.\n\n The semantics of the =follow-links option have also been slightly\n changed. When enabled, the option allows for the loading of symbol tables\n and string tables from the separate files which can be used to enhance the\n information displayed when dumping other sections, but it does not\n automatically imply that information from the separate files should be\n displayed.\n\n If other debug section display options are also enabled (eg\n '--debug-dump=info') then the contents of matching sections in both the\n main file and the separate debuginfo file *will* be displayed. This is\n because in most cases the debug section will only be present in one of the\n files.\n\n If however non-debug section display options are enabled (eg\n '--sections') then the contents of matching parts of the separate\n debuginfo file will *not* be displayed. This is because in most cases the\n user probably only wanted to load the symbol information from the separate\n debuginfo file. In order to change this behaviour a new command line\n option --process-links can be used. This will allow di0pslay options to\n applied to both the main file and any separate debuginfo files.\n\n * Nm has a new command line option: '--quiet'. This suppresses \"no\n symbols\" diagnostic.\n\n Update to binutils 2.36:\n\n New features in the Assembler:\n\n - General:\n\n * When setting the link order attribute of ELF sections, it is now\n possible to use a numeric section index instead of symbol name.\n * Added a .nop directive to generate a single no-op instruction in a\n target neutral manner. This instruction does have an effect on DWARF\n line number generation, if that is active.\n * Removed --reduce-memory-overheads and --hash-size as gas now uses\n hash tables that can be expand and shrink automatically.\n\n - X86/x86_64:\n\n * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker\n instructions.\n * Support non-absolute segment values for lcall and ljmp.\n * Add {disp16} pseudo prefix to x86 assembler.\n * Configure with --enable-x86-used-note by default for Linux/x86.\n\n - ARM/AArch64:\n\n * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82,\n Neoverse V1, and Neoverse N2 cores.\n * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace\n Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder\n Extension) and BRBE (Branch Record Buffer Extension) system registers.\n * Add support for Armv8-R and Armv8.7-A ISA extensions.\n * Add support for DSB memory nXS barrier, WFET and WFIT instruction for\n Armv8.7.\n * Add support for +csre feature for -march. Add CSR PDEC instruction\n for CSRE feature in AArch64.\n * Add support for +flagm feature for -march in Armv8.4 AArch64.\n * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add\n atomic 64-byte load/store instructions for this feature.\n * Add support for +pauth (Pointer Authentication) feature for\n -march in AArch64.\n\n New features in the Linker:\n\n * Add --error-handling-script=<NAME> command line option to allow a\n helper script to be invoked when an undefined symbol or a missing\n library is encountered. This option can be suppressed via the\n configure time switch: --enable-error-handling-script=no.\n * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark\n x86-64-{baseline|v[234]} ISA level as needed.\n * Add -z unique-symbol to avoid duplicated local symbol names.\n * The creation of PE format DLLs now defaults to using a more secure set\n of DLL characteristics.\n * The linker now deduplicates the types in .ctf sections. The new\n command-line option --ctf-share-types describes how to do this: its\n default value, share-unconflicted, produces the most compact\n output.\n * The linker now omits the \"variable section\" from .ctf sections by\n default, saving space. This is almost certainly what you want unless\n you are working on a project that has its own analogue of symbol\n tables that are not reflected in the ELF symtabs.\n\n New features in other binary tools:\n\n * The ar tool's previously unused l modifier is now used for specifying\n dependencies of a static library. The arguments of this option (or\n --record-libdeps long form option) will be stored verbatim in the\n __.LIBDEP member of the archive, which the linker may read at link\n time.\n * Readelf can now display the contents of LTO symbol table sections when\n asked to do so via the --lto-syms command line\n option.\n * Readelf now accepts the -C command line option to enable the\n demangling of symbol names. In addition the --demangle=<style>,\n --no-demangle, --recurse-limit and --no-recurse-limit options are also\n now availale.\n\n The following security fixes are addressed by the update:\n\n - CVE-2021-20197: Fixed a race condition which allows users to own\n arbitrary files (bsc#1181452).\n - CVE-2021-20284: Fixed a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).\n - CVE-2021-3487: Fixed a denial of service via excessive debug section\n size causing excessive memory consumption in bfd's dwarf2.c\n read_section() (bsc#1184620).\n - CVE-2020-35448: Fixed a heap-based buffer over-read in\n bfd_getl_signed_32() in libbfd.c (bsc#1184794).\n - CVE-2020-16590: Fixed a double free vulnerability in\n process_symbol_table() (bsc#1179898).\n - CVE-2020-16591: Fixed an invalid read in process_symbol_table()\n (bsc#1179899).\n - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup()\n (bsc#1179900).\n - CVE-2020-16593: Fixed a null pointer dereference in\n scan_unit_for_symbols() (bsc#1179901).\n - CVE-2020-16598: Fixed a null pointer dereference in\n debug_get_real_type() (bsc#1179902).\n - CVE-2020-16599: Fixed a null pointer dereference in\n _bfd_elf_get_symbol_version_string() (bsc#1179903)\n - CVE-2020-35493: Fixed heap-based buffer overflow in\n bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file\n (bsc#1180451).\n - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module\n due to not checking return value of bfd_malloc (bsc#1180454).\n - CVE-2020-35507: Fixed a null pointer dereference in\n bfd_pef_parse_function_stubs() (bsc#1180461).\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2021-3616=1", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-11-04T00:00:00", "type": "suse", "title": "Security update for binutils (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-3487"], "modified": "2021-11-04T00:00:00", "id": "OPENSUSE-SU-2021:3616-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4TQ3DLF5YEQDDJUON6WGBX2HVVM7FOLB/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2022-04-18T12:39:56", "description": "An update that solves 14 vulnerabilities, contains four\n features and has 5 fixes is now available.\n\nDescription:\n\n This update for binutils fixes the following issues:\n\n Update to binutils 2.37:\n\n * The GNU Binutils sources now requires a C99 compiler and library to\n build.\n * Support for Realm Management Extension (RME) for AArch64 has been added.\n * A new linker option '-z report-relative-reloc' for x86 ELF targets has\n been added to report dynamic relative relocations.\n * A new linker option '-z start-stop-gc' has been added to disable special\n treatment of __start_*/__stop_* references when\n --gc-sections.\n * A new linker options '-Bno-symbolic' has been added which will cancel\n the '-Bsymbolic' and '-Bsymbolic-functions' options.\n * The readelf tool has a new command line option which can be used to\n specify how the numeric values of symbols are reported.\n --sym-base=0|8|10|16 tells readelf to display the values in base 8, base\n 10 or base 16. A sym base of 0 represents the default action\n of displaying values under 10000 in base 10 and values above that in\n base 16.\n * A new format has been added to the nm program. Specifying\n '--format=just-symbols' (or just using -j) will tell the program to\n only display symbol names and nothing else.\n * A new command line option '--keep-section-symbols' has been added to\n objcopy and strip. This stops the removal of unused section symbols\n when the file is copied. Removing these symbols saves space, but\n sometimes they are needed by other tools.\n * The '--weaken', '--weaken-symbol' and '--weaken-symbols' options\n supported by objcopy now make undefined symbols weak on targets that\n support weak symbols.\n * Readelf and objdump can now display and use the contents of .debug_sup\n sections.\n * Readelf and objdump will now follow links to separate debug info files\n by default. This behaviour can be stopped via the use of the new '-wN'\n or '--debug-dump=no-follow-links' options for readelf and the '-WN' or\n '--dwarf=no-follow-links' options for objdump. Also the old behaviour\n can be restored by the use of the '--enable-follow-debug-links=no'\n configure time option.\n\n The semantics of the =follow-links option have also been slightly\n changed. When enabled, the option allows for the loading of symbol tables\n and string tables from the separate files which can be used to enhance the\n information displayed when dumping other sections, but it does not\n automatically imply that information from the separate files should be\n displayed.\n\n If other debug section display options are also enabled (eg\n '--debug-dump=info') then the contents of matching sections in both the\n main file and the separate debuginfo file *will* be displayed. This is\n because in most cases the debug section will only be present in one of the\n files.\n\n If however non-debug section display options are enabled (eg\n '--sections') then the contents of matching parts of the separate\n debuginfo file will *not* be displayed. This is because in most cases the\n user probably only wanted to load the symbol information from the separate\n debuginfo file. In order to change this behaviour a new command line\n option --process-links can be used. This will allow di0pslay options to\n applied to both the main file and any separate debuginfo files.\n\n * Nm has a new command line option: '--quiet'. This suppresses \"no\n symbols\" diagnostic.\n\n Update to binutils 2.36:\n\n New features in the Assembler:\n\n - General:\n\n * When setting the link order attribute of ELF sections, it is now\n possible to use a numeric section index instead of symbol name.\n * Added a .nop directive to generate a single no-op instruction in a\n target neutral manner. This instruction does have an effect on DWARF\n line number generation, if that is active.\n * Removed --reduce-memory-overheads and --hash-size as gas now uses\n hash tables that can be expand and shrink automatically.\n\n - X86/x86_64:\n\n * Add support for AVX VNNI, HRESET, UINTR, TDX, AMX and Key Locker\n instructions.\n * Support non-absolute segment values for lcall and ljmp.\n * Add {disp16} pseudo prefix to x86 assembler.\n * Configure with --enable-x86-used-note by default for Linux/x86.\n\n - ARM/AArch64:\n\n * Add support for Cortex-A78, Cortex-A78AE and Cortex-X1, Cortex-R82,\n Neoverse V1, and Neoverse N2 cores.\n * Add support for ETMv4 (Embedded Trace Macrocell), ETE (Embedded Trace\n Extension), TRBE (Trace Buffer Extension), CSRE (Call Stack Recorder\n Extension) and BRBE (Branch Record Buffer Extension) system registers.\n * Add support for Armv8-R and Armv8.7-A ISA extensions.\n * Add support for DSB memory nXS barrier, WFET and WFIT instruction for\n Armv8.7.\n * Add support for +csre feature for -march. Add CSR PDEC instruction\n for CSRE feature in AArch64.\n * Add support for +flagm feature for -march in Armv8.4 AArch64.\n * Add support for +ls64 feature for -march in Armv8.7 AArch64. Add\n atomic 64-byte load/store instructions for this feature.\n * Add support for +pauth (Pointer Authentication) feature for\n -march in AArch64.\n\n New features in the Linker:\n\n * Add --error-handling-script=<NAME> command line option to allow a\n helper script to be invoked when an undefined symbol or a missing\n library is encountered. This option can be suppressed via the\n configure time switch: --enable-error-handling-script=no.\n * Add -z x86-64-{baseline|v[234]} to the x86 ELF linker to mark\n x86-64-{baseline|v[234]} ISA level as needed.\n * Add -z unique-symbol to avoid duplicated local symbol names.\n * The creation of PE format DLLs now defaults to using a more secure set\n of DLL characteristics.\n * The linker now deduplicates the types in .ctf sections. The new\n command-line option --ctf-share-types describes how to do this: its\n default value, share-unconflicted, produces the most compact\n output.\n * The linker now omits the \"variable section\" from .ctf sections by\n default, saving space. This is almost certainly what you want unless\n you are working on a project that has its own analogue of symbol\n tables that are not reflected in the ELF symtabs.\n\n New features in other binary tools:\n\n * The ar tool's previously unused l modifier is now used for specifying\n dependencies of a static library. The arguments of this option (or\n --record-libdeps long form option) will be stored verbatim in the\n __.LIBDEP member of the archive, which the linker may read at link\n time.\n * Readelf can now display the contents of LTO symbol table sections when\n asked to do so via the --lto-syms command line\n option.\n * Readelf now accepts the -C command line option to enable the\n demangling of symbol names. In addition the --demangle=<style>,\n --no-demangle, --recurse-limit and --no-recurse-limit options are also\n now availale.\n\n Other fixes:\n\n - For compatibility on old code stream that expect 'brcl 0,label' to not\n be disassembled as 'jgnop label' on s390x. (bsc#1192267) This reverts\n IBM zSeries HLASM support for now.\n - Fixed that ppc64 optflags did not enable LTO (bsc#1188941).\n - Fix empty man-pages from broken release tarball\n - Fixed a memory corruption with rpath option (bsc#1191473).\n - Fixed slow performance of stripping some binaries (bsc#1183909).\n\n The following security fixes are addressed by the update:\n\n - CVE-2021-20197: Fixed a race condition which allows users to own\n arbitrary files (bsc#1181452).\n - CVE-2021-20284: Fixed a heap-based buffer overflow in\n _bfd_elf_slurp_secondary_reloc_section in elf.c (bsc#1183511).\n - CVE-2021-3487: Fixed a denial of service via excessive debug section\n size causing excessive memory consumption in bfd's dwarf2.c\n read_section() (bsc#1184620).\n - CVE-2020-35448: Fixed a heap-based buffer over-read in\n bfd_getl_signed_32() in libbfd.c (bsc#1184794).\n - CVE-2020-16590: Fixed a double free vulnerability in\n process_symbol_table() (bsc#1179898).\n - CVE-2020-16591: Fixed an invalid read in process_symbol_table()\n (bsc#1179899).\n - CVE-2020-16592: Fixed an use-after-free in bfd_hash_lookup()\n (bsc#1179900).\n - CVE-2020-16593: Fixed a null pointer dereference in\n scan_unit_for_symbols() (bsc#1179901).\n - CVE-2020-16598: Fixed a null pointer dereference in\n debug_get_real_type() (bsc#1179902).\n - CVE-2020-16599: Fixed a null pointer dereference in\n _bfd_elf_get_symbol_version_string() (bsc#1179903)\n - CVE-2020-35493: Fixed heap-based buffer overflow in\n bfd_pef_parse_function_stubs function in bfd/pef.c via crafted PEF file\n (bsc#1180451).\n - CVE-2020-35496: Fixed multiple null pointer dereferences in bfd module\n due to not checking return value of bfd_malloc (bsc#1180454).\n - CVE-2020-35507: Fixed a null pointer dereference in\n bfd_pef_parse_function_stubs() (bsc#1180461).\n - CVE-2021-20294: Fixed out-of-bounds write in print_dynamic_symbol in\n readelf (bnc#1184519)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.2:\n\n zypper in -t patch openSUSE-2021-1475=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-15T00:00:00", "type": "suse", "title": "Security update for binutils (moderate)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-16590", "CVE-2020-16591", "CVE-2020-16592", "CVE-2020-16593", "CVE-2020-16598", "CVE-2020-16599", "CVE-2020-35448", "CVE-2020-35493", "CVE-2020-35496", "CVE-2020-35507", "CVE-2021-20197", "CVE-2021-20284", "CVE-2021-20294", "CVE-2021-3487"], "modified": "2021-11-15T00:00:00", "id": "OPENSUSE-SU-2021:1475-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/N6RYWEZ5BKTK6UEP6HAB7B466BPC3SMJ/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}]}