Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-2075.NASL
HistorySep 05, 2023 - 12:00 a.m.

Oracle Linux 7 : binutils (ELSA-2019-2075)

2023-09-0500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
JSON

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2075 advisory.

  • An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30.
    Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg, demangle_args, and demangle_nested_args. This can occur during execution of nm-new. (CVE-2018-12641)

  • A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can occur during execution of objdump. (CVE-2018-12697)

  • binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code… This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. (CVE-2018-1000876)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-2075.
##

include('compat.inc');

if (description)
{
  script_id(180505);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");

  script_cve_id("CVE-2018-12641", "CVE-2018-12697", "CVE-2018-1000876");

  script_name(english:"Oracle Linux 7 : binutils (ELSA-2019-2075)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2019-2075 advisory.

  - An issue was discovered in arm_pt in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30.
    Stack Exhaustion occurs in the C++ demangling functions provided by libiberty, and there are recursive
    stack frames: demangle_arm_hp_template, demangle_class_name, demangle_fund_type, do_type, do_arg,
    demangle_args, and demangle_nested_args. This can occur during execution of nm-new. (CVE-2018-12641)

  - A NULL pointer dereference (aka SEGV on unknown address 0x000000000000) was discovered in
    work_stuff_copy_to_from in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30. This can
    occur during execution of objdump. (CVE-2018-12697)

  - binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump,
    bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow
    trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to
    be exploitable via Local. This vulnerability appears to have been fixed in after commit
    3a551c7a1b80fca579461774860574eabfd7f18f. (CVE-2018-1000876)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-2075.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected binutils and / or binutils-devel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1000876");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:binutils-devel");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);

var pkgs = [
    {'reference':'binutils-2.27-41.base.0.2.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'binutils-devel-2.27-41.base.0.2.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'binutils-devel-2.27-41.base.0.1.el7', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'binutils-2.27-41.base.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'binutils-devel-2.27-41.base.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / binutils-devel');
}
VendorProductVersionCPE
oraclelinux7cpe:/o:oracle:linux:7
oraclelinuxbinutilsp-cpe:/a:oracle:linux:binutils
oraclelinuxbinutils-develp-cpe:/a:oracle:linux:binutils-devel

Related

nessus 31
amazon 1
oraclelinux 1
centos 1
redhat 1
veracode 3
f5 3
cve 3
ibm 6
osv 4
debiancve 2
redhatcve 3
ubuntucve 9
openvas 20
prion 3
gentoo 1
cloudlinux 4
ubuntu 3
photon 6
cloudfoundry 1
suse 2
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : binutils Multiple Vulnerabilities (NS-SA-2019-0187)
2019-10-15 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : binutils Multiple Vulnerabilities (NS-SA-2019-0228)
2019-12-31 00:00:00
Amazon Linux 2 : binutils (ALAS-2019-1358)
2019-11-15 00:00:00
amazon
amazon
Medium: binutils
2019-11-11 17:35:00
oraclelinux
oraclelinux
binutils security and bug fix update
2019-08-13 00:00:00
centos
centos
binutils security update
2019-08-30 02:35:38
redhat
redhat
(RHSA-2019:2075) Moderate: binutils security and bug fix update
2019-08-06 07:58:08
veracode
veracode
Arbitrary Code Execution
2019-08-08 00:07:17
Denial Of Service (Dos)
2019-08-08 00:07:18
Denial Of Service (Dos)
2019-08-08 00:07:18
f5
f5
K43871899 : binutils vulnerability CVE-2018-1000876
2022-08-05 00:00:00
K92254835 : Binutils vulnerability CVE-2018-12641
2022-08-05 00:00:00
K01152385 : Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700
2018-07-23 00:00:00
cve
cve
CVE-2018-1000876
2018-12-20 17:29:00
CVE-2018-12697
2018-06-23 23:29:00
CVE-2018-12641
2018-06-22 12:29:00
ibm
ibm
Security Bulletin: A security vulnerability has been identified in Red Hat&#174; Enterprise Linux (RHEL) Server shipped with PurePower Integrated Manager (PPIM)
2019-12-20 08:47:33
Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local
2019-12-20 14:31:33
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
2020-07-23 09:47:08
osv
osv
CVE-2018-1000876
2018-12-20 17:29:01
CVE-2018-12697
2018-06-23 23:29:00
CVE-2018-12641
2018-06-22 12:29:00
debiancve
debiancve
CVE-2018-1000876
2018-12-20 17:29:00
CVE-2018-12697
2018-06-23 23:29:00
redhatcve
redhatcve
CVE-2018-1000876
2020-01-06 09:47:33
CVE-2018-12641
2020-03-23 07:58:52
CVE-2018-12697
2019-10-10 05:49:06
ubuntucve
ubuntucve
CVE-2018-1000876
2018-12-20 00:00:00
CVE-2018-12697
2018-06-23 00:00:00
CVE-2018-12641
2018-06-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1089)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1231)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2019-1790)
2020-01-23 00:00:00
prion
prion
Null pointer dereference
2018-06-23 23:29:00
Integer overflow
2018-12-20 17:29:00
Stack overflow
2018-06-22 12:29:00
gentoo
gentoo
Binutils: Multiple vulnerabilities
2019-08-03 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483
2021-12-29 15:09:05
Fix of 14 CVEs
2022-01-11 12:27:33
Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489
2021-12-16 16:02:14
ubuntu
ubuntu
libiberty vulnerabilities
2020-04-08 00:00:00
GNU binutils vulnerabilities
2020-04-22 00:00:00
GNU binutils vulnerabilities
2021-07-21 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0134
2019-02-25 00:00:00
Important Photon OS Security Update - PHSA-2019-0134
2019-02-25 00:00:00
Critical Photon OS Security Update - PHSA-2019-0209
2019-02-20 00:00:00
cloudfoundry
cloudfoundry
USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
suse
suse
Security update for binutils (moderate)
2019-10-30 00:00:00
Security update for binutils (moderate)
2019-11-05 00:00:00
JSON
Related for ORACLELINUX_ELSA-2019-2075.NASL
nessus31amazon1oraclelinux1centos1redhat1veracode3f53cve3ibm6osv4debiancve2redhatcve3ubuntucve9openvas20prion3gentoo1cloudlinux4ubuntu3photon6cloudfoundry1suse2