usn-2496-1
Vulnerability from osv_ubuntu
Published
2015-02-09 21:39
Modified
2026-04-22 07:36
Summary
binutils vulnerabilities
Details

Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485)

Hanno Böck discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501)

Hanno Böck discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502)

Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737)

Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738)

Hanno Böck discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503)

Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code. (CVE-2014-8504)

Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS. (CVE-2014-8484)

Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509)

Alexander Cherepanov and Hanno Böck discovered multiple additional out-of-bounds reads and writes in GNU binutils. An attacker could use these to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. A few of these issues may be limited in exposure to a denial of service (application abort) by the GNU C library's Fortify Source printf protection.

The strings(1) utility in GNU binutils used libbfd by default when examining executable object files; unfortunately, libbfd was not originally developed with the expectation of hostile input. As a defensive measure, the behavior of strings has been changed to default to 'strings --all' behavior, which does not use libbfd; use the new argument to strings, '--data', to recreate the old behavior.


{
  "affected": [
    {
      "database_specific": {
        "cves_map": {
          "cves": [
            {
              "id": "CVE-2014-8484",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8485",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8501",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8502",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8503",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8504",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8737",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            },
            {
              "id": "CVE-2014-8738",
              "severity": [
                {
                  "score": "medium",
                  "type": "Ubuntu"
                }
              ]
            }
          ],
          "ecosystem": "Ubuntu:14.04:LTS"
        }
      },
      "ecosystem_specific": {
        "availability": "No subscription required",
        "binaries": [
          {
            "binary_name": "binutils",
            "binary_version": "2.24-5ubuntu3.1"
          },
          {
            "binary_name": "binutils-multiarch",
            "binary_version": "2.24-5ubuntu3.1"
          },
          {
            "binary_name": "binutils-source",
            "binary_version": "2.24-5ubuntu3.1"
          },
          {
            "binary_name": "binutils-static",
            "binary_version": "2.24-5ubuntu3.1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "binutils",
        "purl": "pkg:deb/ubuntu/binutils@2.24-5ubuntu3.1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.24-5ubuntu3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "2.23.52.20130913-0ubuntu1",
        "2.23.90.20131017-1ubuntu1",
        "2.23.90.20131116-1ubuntu1",
        "2.23.91.20131123-1ubuntu1",
        "2.24-1ubuntu1",
        "2.24-1ubuntu2",
        "2.24-2ubuntu1",
        "2.24-2ubuntu2",
        "2.24-2ubuntu3",
        "2.24-4ubuntu1",
        "2.24-5ubuntu1",
        "2.24-5ubuntu2",
        "2.24-5ubuntu3"
      ]
    }
  ],
  "aliases": [],
  "details": "Michal Zalewski discovered that the setup_group function in libbfd in\nGNU binutils did not properly check group headers in ELF files. An\nattacker could use this to craft input that could cause a denial\nof service (application crash) or possibly execute arbitrary code.\n(CVE-2014-8485)\n\nHanno B\u00f6ck discovered that the _bfd_XXi_swap_aouthdr_in function\nin libbfd in GNU binutils allowed out-of-bounds writes. An\nattacker could use this to craft input that could cause a denial\nof service (application crash) or possibly execute arbitrary code.\n(CVE-2014-8501)\n\nHanno B\u00f6ck discovered a heap-based buffer overflow in the\npe_print_edata function in libbfd in GNU binutils. An attacker\ncould use this to craft input that could cause a denial of service\n(application crash) or possibly execute arbitrary code. (CVE-2014-8502)\n\nAlexander Cherepanov discovered multiple directory traversal\nvulnerabilities in GNU binutils. An attacker could use this to craft\ninput that could delete arbitrary files. (CVE-2014-8737)\n\nAlexander Cherepanov discovered the _bfd_slurp_extended_name_table\nfunction in libbfd in GNU binutils allowed invalid writes when handling\nextended name tables in an archive. An attacker could use this to\ncraft input that could cause a denial of service (application crash)\nor possibly execute arbitrary code. (CVE-2014-8738)\n\nHanno B\u00f6ck discovered a stack-based buffer overflow in the ihex_scan\nfunction in libbfd in GNU binutils. An attacker could use this\nto craft input that could cause a denial of service (application\ncrash). (CVE-2014-8503)\n\nMichal Zalewski discovered a stack-based buffer overflow in the\nsrec_scan function in libbfd in GNU binutils. An attacker could\nuse this to to craft input that could cause a denial of service\n(application crash); the GNU C library\u0027s Fortify Source printf\nprotection should prevent the possibility of executing arbitrary code.\n(CVE-2014-8504)\n\nMichal Zalewski discovered that the srec_scan function in libbfd\nin GNU binutils allowed out-of-bounds reads. An attacker could\nuse this to craft input to cause a denial of service. This issue\nonly affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04\nLTS. (CVE-2014-8484)\n\nSang Kil Cha discovered multiple integer overflows in the\n_objalloc_alloc function and objalloc_alloc macro in binutils. This\ncould allow an attacker to cause a denial of service (application\ncrash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS.\n(CVE-2012-3509)\n\nAlexander Cherepanov and Hanno B\u00f6ck discovered multiple additional\nout-of-bounds reads and writes in GNU binutils. An attacker could use\nthese to craft input that could cause a denial of service (application\ncrash) or possibly execute arbitrary code. A few of these issues may\nbe limited in exposure to a denial of service (application abort)\nby the GNU C library\u0027s Fortify Source printf protection.\n\nThe strings(1) utility in GNU binutils used libbfd by default when\nexamining executable object files; unfortunately, libbfd was not\noriginally developed with the expectation of hostile input. As\na defensive measure, the behavior of strings has been changed to\ndefault to \u0027strings --all\u0027 behavior, which does not use libbfd; use\nthe new argument to strings, \u0027--data\u0027, to recreate the old behavior.\n",
  "id": "USN-2496-1",
  "modified": "2026-04-22T07:36:32Z",
  "published": "2015-02-09T21:39:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://ubuntu.com/security/notices/USN-2496-1"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2012-3509"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8484"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8485"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8501"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8502"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8503"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8504"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8737"
    },
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2014-8738"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "summary": "binutils vulnerabilities",
  "upstream": [
    "UBUNTU-CVE-2012-3509",
    "UBUNTU-CVE-2014-8484",
    "UBUNTU-CVE-2014-8485",
    "UBUNTU-CVE-2014-8501",
    "UBUNTU-CVE-2014-8502",
    "UBUNTU-CVE-2014-8503",
    "UBUNTU-CVE-2014-8504",
    "UBUNTU-CVE-2014-8737",
    "UBUNTU-CVE-2014-8738"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…