Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Gentoo Local Security Checks >> [GLSA-200506-01] Binutils, elfutils: Buffer overflow

Vulnerability Assessment Details

[GLSA-200506-01] Binutils, elfutils: Buffer overflow
Vulnerability Assessment Summary
Binutils, elfutils: Buffer overflow

Detailed Explanation for this Vulnerability Assessment
The remote host is affected by the vulnerability described in GLSA-200506-01
(Binutils, elfutils: Buffer overflow)


Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team
discovered an integer overflow in the BFD library and elfutils,
resulting in a heap based buffer overflow.

Impact

Successful exploitation would require a user to access a specially
crafted binary file, resulting in the execution of arbitrary code.

Workaround

There is no known workaround at this time.


Solution:
All GNU Binutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose sys-devel/binutils
All elfutils users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-libs/elfutils-0.108"


Network Security Threat Level: Medium


Networks Security ID:

Vulnerability Assessment Copyright: (C) 2005 Michel Arboi
Cables, Connectors


Vintage Microsoft Office 2000 Premium 4 CDs + Product Keys + Service Pack CD picture

Vintage Microsoft Office 2000 Premium 4 CDs + Product Keys + Service Pack CD

$59.99


Vintage CARDCO Vic-20 C64 +4 C16 and C128 Parallel Printer Interface Card - QTY picture

Vintage CARDCO Vic-20 C64 +4 C16 and C128 Parallel Printer Interface Card - QTY

$19.99


Vintage Keytronic PC/AT VT Switch FCC ID:CIG8AVE03435 TESTED WORKING picture

Vintage Keytronic PC/AT VT Switch FCC ID:CIG8AVE03435 TESTED WORKING

$30.00


Apple Desktop Bus Mouse I ADB Beige Vintage for Macintosh G5431 M0142 A9M0331 picture

Apple Desktop Bus Mouse I ADB Beige Vintage for Macintosh G5431 M0142 A9M0331

$23.99


(5) Vintage DiskBank floppy Disk Storage Holders Vintage picture

(5) Vintage DiskBank floppy Disk Storage Holders Vintage

$29.95


Vintage IBM 80 Character Punch Card 5081 Unpunched & Non-Vintage Code Tutorial picture

Vintage IBM 80 Character Punch Card 5081 Unpunched & Non-Vintage Code Tutorial

$3.99


Vintage Lot of 10 Kaypro Software Floppy Disks 5.25

Vintage Lot of 10 Kaypro Software Floppy Disks 5.25" Plus Holder

$85.00


NMB KEYBOARD RT2258TW NMB PS/2 BEIGE 121944-101 REV A VINTAGE NEW OLD STOCK picture

NMB KEYBOARD RT2258TW NMB PS/2 BEIGE 121944-101 REV A VINTAGE NEW OLD STOCK

$25.99


PU Leather Laptop Sleeve Case for MacBook Air Pro 13 14 15 16 inch Vintage Cover picture

PU Leather Laptop Sleeve Case for MacBook Air Pro 13 14 15 16 inch Vintage Cover

$28.99


VINTAGE 1992 NEWPORT SYSTEMS 700-0002-001 REV E GREAT CONDITION picture

VINTAGE 1992 NEWPORT SYSTEMS 700-0002-001 REV E GREAT CONDITION

$99.99


Discussions

No Discussions have been posted on this vulnerability.