Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.842088 |
Categoría: | Ubuntu Local Security Checks |
Título: | Ubuntu Update for binutils USN-2496-1 |
Resumen: | The remote host is missing an update for the 'binutils'; package(s) announced via the referenced advisory. |
Descripción: | Summary: The remote host is missing an update for the 'binutils' package(s) announced via the referenced advisory. Vulnerability Insight: Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Bö ck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501) Hanno Bö ck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502) Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737) Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738) Hanno Bö ck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503) Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code. (CVE-2014-8504) Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS. (CVE-2014-8484) Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509) Alexander Cherepanov and Hanno Bö ck discovered multiple additional out-of-bounds reads and w ... Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: binutils on Ubuntu 14.10, Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, Ubuntu 10.04 LTS Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8485 BugTraq ID: 70741 http://www.securityfocus.com/bid/70741 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html https://security.gentoo.org/glsa/201612-24 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html http://www.openwall.com/lists/oss-security/2014/10/26/2 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8501 BugTraq ID: 70866 http://www.securityfocus.com/bid/70866 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://www.openwall.com/lists/oss-security/2014/10/26/3 http://www.openwall.com/lists/oss-security/2014/10/31/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8502 BugTraq ID: 70869 http://www.securityfocus.com/bid/70869 Common Vulnerability Exposure (CVE) ID: CVE-2014-8737 BugTraq ID: 70908 http://www.securityfocus.com/bid/70908 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html http://www.openwall.com/lists/oss-security/2014/11/13/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8738 BugTraq ID: 71083 http://www.securityfocus.com/bid/71083 Debian Security Information: DSA-3123 (Google Search) http://www.debian.org/security/2015/dsa-3123 http://www.openwall.com/lists/oss-security/2014/11/02/4 http://www.openwall.com/lists/oss-security/2014/11/05/7 http://www.openwall.com/lists/oss-security/2014/11/13/2 Common Vulnerability Exposure (CVE) ID: CVE-2014-8503 BugTraq ID: 70868 http://www.securityfocus.com/bid/70868 Common Vulnerability Exposure (CVE) ID: CVE-2014-8504 BugTraq ID: 70761 http://www.securityfocus.com/bid/70761 http://www.openwall.com/lists/oss-security/2014/10/27/4 http://www.openwall.com/lists/oss-security/2014/10/27/5 Common Vulnerability Exposure (CVE) ID: CVE-2014-8484 BugTraq ID: 70714 http://www.securityfocus.com/bid/70714 http://openwall.com/lists/oss-security/2014/10/23/5 Common Vulnerability Exposure (CVE) ID: CVE-2012-3509 BugTraq ID: 55281 http://www.securityfocus.com/bid/55281 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 http://security-tracker.debian.org/tracker/CVE-2012-3509 http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html http://www.openwall.com/lists/oss-security/2012/08/29/3 XForce ISS Database: gnu-libiberty-overflow(78135) https://exchange.xforce.ibmcloud.com/vulnerabilities/78135 |
Copyright | Copyright (C) 2015 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |