Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED-GCC-RHEL7.NASL
HistoryMay 11, 2024 - 12:00 a.m.

RHEL 7 : gcc (Unpatched Vulnerability)

2024-05-1100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
redhat enterprise linux 7
unpatched vulnerabilities
gcc
buffer overflow
use-after-free
integer overflow
denial of service
nessus scanner

6.5 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • gcc: Exploitable buffer overflow (CVE-2016-2226)

  • Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to btypevec. (CVE-2016-4487)

  • Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to ktypevec. (CVE-2016-4488)

  • Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to the demangling of virtual tables. (CVE-2016-4489)

  • Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types for lengths. (CVE-2016-4490)

  • The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a buffer overflow, related to a node having itself as ancestor more than once. (CVE-2016-4491)

  • Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a denial of service (segmentation fault and crash) via a crafted binary. (CVE-2016-4492)

  • The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
    (CVE-2016-4493)

  • GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c.
    This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and memory resources. (CVE-2021-46195)

  • DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. (CVE-2023-4039)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory gcc. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(196817);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2016-2226",
    "CVE-2016-4487",
    "CVE-2016-4488",
    "CVE-2016-4489",
    "CVE-2016-4490",
    "CVE-2016-4491",
    "CVE-2016-4492",
    "CVE-2016-4493",
    "CVE-2021-46195",
    "CVE-2023-4039"
  );

  script_name(english:"RHEL 7 : gcc (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gcc: Exploitable buffer overflow (CVE-2016-2226)

  - Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service
    (segmentation fault and crash) via a crafted binary, related to btypevec. (CVE-2016-4487)

  - Use-after-free vulnerability in libiberty allows remote attackers to cause a denial of service
    (segmentation fault and crash) via a crafted binary, related to ktypevec. (CVE-2016-4488)

  - Integer overflow in the gnu_special function in libiberty allows remote attackers to cause a denial of
    service (segmentation fault and crash) via a crafted binary, related to the demangling of virtual
    tables. (CVE-2016-4489)

  - Integer overflow in cp-demangle.c in libiberty allows remote attackers to cause a denial of service
    (segmentation fault and crash) via a crafted binary, related to inconsistent use of the long and int types
    for lengths. (CVE-2016-4490)

  - The d_print_comp function in cp-demangle.c in libiberty allows remote attackers to cause a denial of
    service (segmentation fault and crash) via a crafted binary, which triggers infinite recursion and a
    buffer overflow, related to a node having itself as ancestor more than once. (CVE-2016-4491)

  - Buffer overflow in the do_type function in cplus-dem.c in libiberty allows remote attackers to cause a
    denial of service (segmentation fault and crash) via a crafted binary. (CVE-2016-4492)

  - The demangle_template_value_parm and do_hpacc_template_literal functions in cplus-dem.c in libiberty allow
    remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted binary.
    (CVE-2016-4493)

  - GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c.
    This vulnerability allows attackers to cause a Denial of Service (DoS) by consuming excessive CPU and
    memory resources. (CVE-2021-46195)

  - **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows
    an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your
    application without this being detected. This stack-protector failure only applies to C99-style
    dynamically-sized local variables or those created using alloca(). The stack-protector operates as
    intended for statically-sized local variables. The default behavior when the stack-protector detects an
    overflow is to terminate your application, resulting in controlled loss of availability. An attacker who
    can exploit a buffer overflow without triggering the stack-protector might be able to change program flow
    control to cause an uncontrolled loss of availability or to go further and affect confidentiality or
    integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by
    itself. (CVE-2023-4039)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-2226");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/05/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils220");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-gcc-295");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-gcc-296");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-gcc-32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-gcc-34");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-gcc-44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc44");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gdb");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'binutils', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'binutils', 'cves':['CVE-2016-2226', 'CVE-2016-4487', 'CVE-2016-4488', 'CVE-2016-4489', 'CVE-2016-4490', 'CVE-2016-4491', 'CVE-2016-4492', 'CVE-2016-4493']},
      {'reference':'compat-gcc-32', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-gcc-32', 'cves':['CVE-2016-4491', 'CVE-2016-4492', 'CVE-2016-4493', 'CVE-2021-46195', 'CVE-2023-4039']},
      {'reference':'compat-gcc-34', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-gcc-34'},
      {'reference':'compat-gcc-44', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-gcc-44'},
      {'reference':'gcc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc'},
      {'reference':'gdb', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gdb', 'cves':['CVE-2016-2226', 'CVE-2016-4487', 'CVE-2016-4488', 'CVE-2016-4489', 'CVE-2016-4490', 'CVE-2016-4491', 'CVE-2016-4492', 'CVE-2016-4493']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / compat-gcc-32 / compat-gcc-34 / compat-gcc-44 / gcc / etc');
}
VendorProductVersionCPE
redhatenterprise_linux5cpe:/o:redhat:enterprise_linux:5
redhatenterprise_linux6cpe:/o:redhat:enterprise_linux:6
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linuxbinutilsp-cpe:/a:redhat:enterprise_linux:binutils
redhatenterprise_linuxbinutils220p-cpe:/a:redhat:enterprise_linux:binutils220
redhatenterprise_linuxcompat-gcc-295p-cpe:/a:redhat:enterprise_linux:compat-gcc-295
redhatenterprise_linuxcompat-gcc-296p-cpe:/a:redhat:enterprise_linux:compat-gcc-296
redhatenterprise_linuxcompat-gcc-32p-cpe:/a:redhat:enterprise_linux:compat-gcc-32
redhatenterprise_linuxcompat-gcc-34p-cpe:/a:redhat:enterprise_linux:compat-gcc-34
redhatenterprise_linuxcompat-gcc-44p-cpe:/a:redhat:enterprise_linux:compat-gcc-44
Rows per page:
1-10 of 131

Related

nessus 48
openvas 42
ubuntu 4
osv 3
mageia 5
debian 1
cloudfoundry 1
ubuntucve 12
debiancve 10
cvelist 10
oraclelinux 4
almalinux 1
redhatcve 4
veracode 10
cve 10
nvd 10
redhat 1
prion 10
zdt 1
alpinelinux 1
cbl_mariner 1
amazon 2
cgr 1
wolfi 1
rosalinux 1
cloudlinux 2
ibm 2
photon 1
nessus
nessus
RHEL 6 : gcc (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 5 : gcc (Unpatched Vulnerability)
2024-05-11 00:00:00
Ubuntu 14.04 LTS / 16.04 LTS : Valgrind vulnerabilities (USN-3337-1)
2017-06-22 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2017-0222)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-3337-1)
2017-06-22 00:00:00
Ubuntu: Security Advisory (USN-3368-1)
2017-07-27 00:00:00
ubuntu
ubuntu
libiberty vulnerabilities
2017-07-26 00:00:00
Valgrind vulnerabilities
2017-06-21 00:00:00
gdb vulnerabilities
2017-07-26 00:00:00
osv
osv
binutils - security update
2016-07-18 00:00:00
Low: mingw-gcc security and bug fix update
2022-11-15 00:00:00
binutils vulnerabilities
2021-07-21 13:08:04
mageia
mageia
Updated valgrind packages fix security vulnerabilities
2017-07-28 21:12:15
Updated gdb packages fix security vulnerability
2018-01-03 17:22:14
Updated binutils packages fix security vulnerability
2018-01-03 17:22:14
debian
debian
[SECURITY] [DLA 552-1] binutils security update
2016-07-18 08:45:05
cloudfoundry
cloudfoundry
USN-3367-1: gdb vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
ubuntucve
ubuntucve
CVE-2016-4488
2017-02-24 00:00:00
CVE-2016-4493
2017-02-24 00:00:00
CVE-2016-4487
2017-02-24 00:00:00
debiancve
debiancve
CVE-2021-46195
2022-01-14 20:15:15
CVE-2016-4489
2017-02-24 20:59:00
CVE-2016-4490
2017-02-24 20:59:00
cvelist
cvelist
CVE-2021-46195
2022-01-14 19:16:12
CVE-2016-4487
2017-02-24 20:00:00
CVE-2016-4493
2017-02-24 20:00:00
oraclelinux
oraclelinux
mingw-gcc security and bug fix update
2022-11-22 00:00:00
cross-gcc security update
2023-09-12 00:00:00
cross-gcc security update
2023-09-12 00:00:00
almalinux
almalinux
Low: mingw-gcc security and bug fix update
2022-11-15 00:00:00
redhatcve
redhatcve
CVE-2021-46195
2022-01-26 14:53:17
CVE-2016-4493
2016-05-05 12:18:43
CVE-2016-4492
2016-05-05 12:18:47
veracode
veracode
Denial Of Service (DoS)
2022-09-28 05:39:59
Denial Of Service (DoS)
2020-09-21 06:34:05
Denial Of Service (DoS)
2020-09-21 06:31:46
cve
cve
CVE-2021-46195
2022-01-14 20:15:15
CVE-2016-4490
2017-02-24 20:59:00
CVE-2016-4487
2017-02-24 20:59:00
nvd
nvd
CVE-2021-46195
2022-01-14 20:15:15
CVE-2016-4488
2017-02-24 20:59:00
CVE-2016-4490
2017-02-24 20:59:00
redhat
redhat
(RHSA-2022:8415) Low: mingw-gcc security and bug fix update
2022-11-15 06:23:49
prion
prion
Design/Logic Flaw
2022-01-14 20:15:00
Integer overflow
2017-02-24 20:59:00
Design/Logic Flaw
2017-02-24 20:59:00
zdt
zdt
GNU libiberty - Buffer Overflow Exploit
2017-07-28 00:00:00
alpinelinux
alpinelinux
CVE-2023-4039
2023-09-13 09:15:15
cbl_mariner
cbl_mariner
CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6
2023-09-27 18:02:50
amazon
amazon
Medium: gcc
2023-09-08 19:46:00
Medium: gcc10
2023-09-08 19:46:00
cgr
cgr
CVE-2023-4039 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-4039 vulnerabilities
2024-06-26 09:08:30
rosalinux
rosalinux
Advisory ROSA-SA-2024-2406
2024-04-23 12:04:19
cloudlinux
cloudlinux
Fix of 36 CVEs
2021-12-27 16:08:07
Fix of CVE: CVE-2018-18605, CVE-2019-12972, CVE-2016-4490, CVE-2018-6543, CVE-2018-19931, CVE-2018-10535, CVE-2019-17450, CVE-2018-7643, CVE-2016-4487, CVE-2016-4492, CVE-2018-20002, CVE-2018-1000876, CVE-2019-9073, CVE-2019-9075, CVE-2018-20671, CVE-2016-4488, CVE-2018-7568, CVE-2018-7642, CVE-2018-10373, CVE-2018-6323, CVE-2016-2226, CVE-2016-4493, CVE-2018-19932, CVE-2018-6759, CVE-2019-9077, CVE-2018-18607, CVE-2018-8945, CVE-2018-7208, CVE-2016-6131, CVE-2018-13033, CVE-2018-20623, CVE-2019-14444, CVE-2018-18309, CVE-2018-18606, CVE-2018-7569, CVE-2016-4489
2021-12-16 16:02:14
ibm
ibm
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data 4.8.1 has addressed security vulnerabilities
2023-12-26 21:30:04
Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to multiple CVEs
2023-03-08 18:05:21
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0440
2023-07-29 00:00:00

6.5 Medium

AI Score

Confidence

High

0.026 Low

EPSS

Percentile

90.3%

JSON
Related for REDHAT_UNPATCHED-GCC-RHEL7.NASL
nessus48openvas42ubuntu4osv3mageia5debian1cloudfoundry1ubuntucve12debiancve10cvelist10oraclelinux4almalinux1redhatcve4veracode10cve10nvd10redhat1prion10zdt1alpinelinux1cbl_mariner1amazon2cgr1wolfi1rosalinux1cloudlinux2ibm2photon1