Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT_UNPATCHED_BINUTILS-RHEL8.NASL
HistoryJun 03, 2024 - 12:00 a.m.

RHEL 8 : binutils (Unpatched Vulnerability)

2024-06-0300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
rhel 8
binutils
unpatched
vulnerabilities
heap-based buffer overflow
integer overflow
bfd library
denial of service
nessus
package manager

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  • binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699)

  • binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code… This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. (CVE-2018-1000876)

  • The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab entry with a SECTION type that has a 0 value, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
    (CVE-2018-10535)

Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory binutils. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(200030);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2018-6872",
    "CVE-2018-10535",
    "CVE-2018-12641",
    "CVE-2018-12697",
    "CVE-2018-12698",
    "CVE-2018-12699",
    "CVE-2018-12700",
    "CVE-2018-12934",
    "CVE-2018-13033",
    "CVE-2018-17358",
    "CVE-2018-17360",
    "CVE-2018-17794",
    "CVE-2018-17985",
    "CVE-2018-18309",
    "CVE-2018-18483",
    "CVE-2018-18484",
    "CVE-2018-18605",
    "CVE-2018-18606",
    "CVE-2018-18607",
    "CVE-2018-18700",
    "CVE-2018-18701",
    "CVE-2018-19932",
    "CVE-2018-20002",
    "CVE-2018-20623",
    "CVE-2018-20651",
    "CVE-2018-20671",
    "CVE-2018-1000876",
    "CVE-2019-9071",
    "CVE-2019-9075",
    "CVE-2019-9077",
    "CVE-2019-12972",
    "CVE-2019-17451",
    "CVE-2020-16598",
    "CVE-2020-35448",
    "CVE-2020-35493",
    "CVE-2020-35494",
    "CVE-2020-35495",
    "CVE-2020-35496",
    "CVE-2020-35507",
    "CVE-2021-3487",
    "CVE-2021-20294",
    "CVE-2021-45078",
    "CVE-2022-38533",
    "CVE-2023-1972",
    "CVE-2023-25584",
    "CVE-2023-25585",
    "CVE-2023-25588"
  );

  script_name(english:"RHEL 8 : binutils (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 8 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - binutils: heap-based buffer overflow in finish_stab in stabs.c (CVE-2018-12699)

  - binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump,
    bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow
    trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to
    be exploitable via Local. This vulnerability appears to have been fixed in after commit
    3a551c7a1b80fca579461774860574eabfd7f18f. (CVE-2018-1000876)

  - The ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as
    distributed in GNU Binutils 2.30, does not validate the output_section pointer in the case of a symtab
    entry with a SECTION type that has a 0 value, which allows remote attackers to cause a denial of
    service (NULL pointer dereference and application crash) via a crafted file, as demonstrated by objcopy.
    (CVE-2018-10535)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-12699");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc-toolset-10-binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc-toolset-11-binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc-toolset-12-binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc-toolset-9-binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mingw-binutils");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'binutils', 'cves':['CVE-2018-6872', 'CVE-2018-12641', 'CVE-2018-12697', 'CVE-2018-12698', 'CVE-2018-12699', 'CVE-2018-12700', 'CVE-2018-12934', 'CVE-2018-17360', 'CVE-2018-17794', 'CVE-2018-17985', 'CVE-2018-18309', 'CVE-2018-18483', 'CVE-2018-18484', 'CVE-2018-18605', 'CVE-2018-18606', 'CVE-2018-18607', 'CVE-2018-18700', 'CVE-2018-18701', 'CVE-2018-19932', 'CVE-2018-20002', 'CVE-2018-20623', 'CVE-2018-20651', 'CVE-2018-20671', 'CVE-2018-1000876', 'CVE-2019-9071', 'CVE-2019-9075', 'CVE-2019-9077', 'CVE-2019-12972', 'CVE-2020-16598', 'CVE-2020-35493', 'CVE-2020-35494', 'CVE-2020-35495', 'CVE-2020-35496', 'CVE-2020-35507', 'CVE-2021-45078', 'CVE-2022-38533', 'CVE-2023-1972', 'CVE-2023-25584', 'CVE-2023-25585', 'CVE-2023-25588']},
      {'reference':'gcc-toolset-10-binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc-toolset-10-binutils', 'cves':['CVE-2020-35448', 'CVE-2021-3487', 'CVE-2021-20294', 'CVE-2021-45078', 'CVE-2022-38533']},
      {'reference':'gcc-toolset-11-binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc-toolset-11-binutils', 'cves':['CVE-2021-45078', 'CVE-2022-38533', 'CVE-2023-1972', 'CVE-2023-25584', 'CVE-2023-25585', 'CVE-2023-25588']},
      {'reference':'gcc-toolset-12-binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc-toolset-12-binutils', 'cves':['CVE-2022-38533', 'CVE-2023-1972', 'CVE-2023-25584', 'CVE-2023-25585', 'CVE-2023-25588']},
      {'reference':'gcc-toolset-9-binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc-toolset-9-binutils', 'cves':['CVE-2019-12972', 'CVE-2019-17451', 'CVE-2020-16598', 'CVE-2020-35493', 'CVE-2020-35494', 'CVE-2020-35495', 'CVE-2020-35496', 'CVE-2020-35507', 'CVE-2021-20294', 'CVE-2021-45078']},
      {'reference':'mingw-binutils', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'mingw-binutils', 'cves':['CVE-2018-10535', 'CVE-2018-12641', 'CVE-2018-12697', 'CVE-2018-12698', 'CVE-2018-12699', 'CVE-2018-12700', 'CVE-2018-12934', 'CVE-2018-13033', 'CVE-2018-17358', 'CVE-2018-17360', 'CVE-2018-17794', 'CVE-2018-17985', 'CVE-2018-18309', 'CVE-2018-18483', 'CVE-2018-18484', 'CVE-2018-18605', 'CVE-2018-18606', 'CVE-2018-18607', 'CVE-2018-18700', 'CVE-2018-18701', 'CVE-2018-19932', 'CVE-2018-20002', 'CVE-2018-20623', 'CVE-2018-20651', 'CVE-2018-1000876']}
    ]
  }
];


var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils / gcc-toolset-10-binutils / gcc-toolset-11-binutils / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxgcc-toolset-11-binutilsp-cpe:/a:redhat:enterprise_linux:gcc-toolset-11-binutils
redhatenterprise_linuxgcc-toolset-9-binutilsp-cpe:/a:redhat:enterprise_linux:gcc-toolset-9-binutils
redhatenterprise_linuxgcc-toolset-12-binutilsp-cpe:/a:redhat:enterprise_linux:gcc-toolset-12-binutils
redhatenterprise_linuxgcc-toolset-10-binutilsp-cpe:/a:redhat:enterprise_linux:gcc-toolset-10-binutils
redhatenterprise_linuxbinutilsp-cpe:/a:redhat:enterprise_linux:binutils
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxmingw-binutilsp-cpe:/a:redhat:enterprise_linux:mingw-binutils

References

Related

nessus 87
cloudlinux 4
openvas 45
ubuntu 3
photon 15
cloudfoundry 2
ibm 8
gentoo 2
fedora 1
ubuntucve 7
f5 4
suse 6
amazon 3
oraclelinux 1
redhat 1
centos 1
osv 2
cvelist 1
alpinelinux 1
prion 1
debiancve 1
cve 1
nvd 1
rosalinux 1
nessus
nessus
RHEL 8 : binutils (Unpatched Vulnerability)
2024-05-11 00:00:00
SUSE SLED12 / SLES12 Security Update : binutils (SUSE-SU-2019:2650-1)
2019-10-15 00:00:00
Photon OS 2.0: Binutils PHSA-2019-2.0-0119
2019-02-07 00:00:00
cloudlinux
cloudlinux
Fix of 14 CVEs
2022-01-11 12:27:33
Fix of CVE: CVE-2021-45078, CVE-2018-9138, CVE-2018-17985, CVE-2018-12641, CVE-2018-12699, CVE-2018-12698, CVE-2018-12697, CVE-2018-12700, CVE-2018-18484, CVE-2018-18701, CVE-2018-12934, CVE-2018-18700, CVE-2018-17794, CVE-2018-18483
2021-12-29 15:09:05
Fix of 36 CVEs
2021-12-27 16:08:07
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2019:2650-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-4336-1)
2020-04-23 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2020-1074)
2020-01-23 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2020-04-22 00:00:00
libiberty vulnerabilities
2020-04-08 00:00:00
GNU binutils vulnerabilities
2023-05-24 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0119
2019-01-08 00:00:00
Moderate Photon OS Security Update - PHSA-2019-0119
2019-01-08 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0321
2021-02-26 00:00:00
cloudfoundry
cloudfoundry
USN-4336-1: GNU binutils vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
USN-6101-1: GNU binutils vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in GNU Binutils affect IBM Netezza Platform Software clients.
2020-07-23 09:47:08
Security Bulletin: Multiple Vulnerabilities in GNU Binutils affects Watson Studio Local
2019-12-20 13:52:21
Security Bulletin: Multiple vulnerabilities in GNU binutils affect IBM Netezza Analytics
2021-01-13 15:48:56
gentoo
gentoo
Binutils: Multiple vulnerabilities
2019-08-03 00:00:00
Binutils: Multiple vulnerabilities
2021-07-10 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-9.fc32
2021-01-07 01:14:18
ubuntucve
ubuntucve
CVE-2018-18484
2018-10-18 00:00:00
CVE-2018-17794
2018-09-30 00:00:00
CVE-2018-18701
2018-10-29 00:00:00
f5
f5
K01152385 : Binutils vulnerabilities CVE-2018-8945, CVE-2018-12697, CVE-2018-12698, CVE-2018-12699, and CVE-2018-12700
2018-07-23 00:00:00
K24353255 : Binutils vulnerabilities CVE-2018-18605, CVE-2018-18606, and CVE-2018-18607
2018-12-28 00:00:00
K38336243 : Binutils vulnerabilities CVE-2018-20623, CVE-2018-20651, and CVE-2018-20712
2019-03-25 00:00:00
suse
suse
Security update for binutils (moderate)
2019-10-30 00:00:00
Security update for binutils (moderate)
2019-11-05 00:00:00
Security update for binutils (moderate)
2021-11-15 00:00:00
amazon
amazon
Medium: binutils
2019-11-11 17:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
oraclelinux
oraclelinux
binutils security and bug fix update
2019-08-13 00:00:00
redhat
redhat
(RHSA-2019:2075) Moderate: binutils security and bug fix update
2019-08-06 07:58:08
centos
centos
binutils security update
2019-08-30 02:35:38
osv
osv
binutils vulnerabilities
2023-05-24 08:57:00
CVE-2021-45078
2021-12-15 20:15:08
cvelist
cvelist
CVE-2021-45078
2021-12-15 19:37:46
alpinelinux
alpinelinux
CVE-2021-45078
2021-12-15 20:15:00
prion
prion
Heap overflow
2021-12-15 20:15:00
debiancve
debiancve
CVE-2021-45078
2021-12-15 20:15:08
cve
cve
CVE-2021-45078
2021-12-15 20:15:08
nvd
nvd
CVE-2021-45078
2021-12-15 20:15:08
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.3%

JSON
Related for REDHAT_UNPATCHED_BINUTILS-RHEL8.NASL
nessus87cloudlinux4openvas45ubuntu3photon15cloudfoundry2ibm8gentoo2fedora1ubuntucve7f54suse6amazon3oraclelinux1redhat1centos1osv2cvelist1alpinelinux1prion1debiancve1cve1nvd1rosalinux1