CVE-2012-3509 - Numeric Errors vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: NONE
- Availability impact: PARTIAL

Summary
Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 | |
OS | 4 | |
OS | 1 | |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2012-18300.NASL
  - description: - Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs - Path
  - last seen: 2020-03-17
  - modified: 2012-11-26
  - plugin id: 63040
  - published: 2012-11-26
  - reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/63040
  - title: Fedora 16 : insight-7.4.50-4.20120403cvs.fc16 (2012-18300)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2012-18360.NASL
  - description: - Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs - Path
  - last seen: 2020-03-17
  - modified: 2012-11-26
  - plugin id: 63042
  - published: 2012-11-26
  - reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/63042
  - title: Fedora 18 : insight-7.4.50-4.20120403cvs.fc18 (2012-18360)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-1835.NASL
  - description: Update to 0.31, which is based on gcc 4.8.2 and thus fixes CVE-2012-3509. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-03-17
  - modified: 2014-02-10
  - plugin id: 72407
  - published: 2014-02-10
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/72407
  - title: Fedora 20 : ghdl-0.31-1.fc20 (2014-1835)
- NASL family: Mandriva Local Security Checks
  - NASL id: MANDRIVA_MDVSA-2015-029.NASL
  - description: Multiple vulnerabilities have been found and corrected in binutils: Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow (CVE-2012-3509). The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record (CVE-2014-8484). The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file (CVE-2014-8485). The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable (CVE-2014-8501). Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file (CVE-2014-8502). Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file (CVE-2014-8503). Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file (CVE-2014-8504). Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar (CVE-2014-8737). The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive (CVE-2014-8738). The updated packages provide a solution for these security issues.
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 81195
  - published: 2015-02-06
  - reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/81195
  - title: Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2012-18311.NASL
  - description: - Thu Nov 15 2012 Patrick Monnerat <pm at datasphere.ch> 7.4.50-4.20120403cvs - Path
  - last seen: 2020-03-17
  - modified: 2012-11-26
  - plugin id: 63041
  - published: 2012-11-26
  - reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/63041
  - title: Fedora 17 : insight-7.4.50-4.20120403cvs.fc17 (2012-18311)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-8528.NASL
  - description: Security patch for libiberty
  - last seen: 2020-03-17
  - modified: 2014-08-04
  - plugin id: 76979
  - published: 2014-08-04
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/76979
  - title: Fedora 19 : sdcc-3.3.0-1.fc19 (2014-8528)
- NASL family: Debian Local Security Checks
  - NASL id: DEBIAN_DLA-324.NASL
  - description: This update fixes several issues as described below. PR ld/12613 (no CVE assigned) Niranjan Hasabnis discovered that passing a malformed linker script to GNU ld, part of binutils, may result in a stack-based buffer overflow. If the linker is used with untrusted object files, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. CVE-2012-3509 #688951 Sang Kil Cha discovered that a buffer size calculation in libiberty, part of binutils, may result in integer overflow and then a heap buffer overflow. If libiberty or the commands in binutils are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. PR binutils/18750 (no CVE assigned) Joshua Rogers reported that passing a malformed ihex (Intel hexadecimal) file to various commands in binutils may result in a stack-based buffer overflow. A similar issue was found in readelf. If these commands are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.20.1-16+deb6u2. For the oldstable distribution (wheezy) and the stable distribution (jessie), PR ld/12613 and CVE-2012-3509 were fixed before release, and PR binutils/18750 will be fixed in a later update. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - last seen: 2020-03-17
  - modified: 2015-10-02
  - plugin id: 86227
  - published: 2015-10-02
  - reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/86227
  - title: Debian DLA-324-1 : binutils security update
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-8510.NASL
  - description: Security patch for libiberty
  - last seen: 2020-03-17
  - modified: 2014-08-04
  - plugin id: 76978
  - published: 2014-08-04
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/76978
  - title: Fedora 20 : sdcc-3.3.0-1.fc20 (2014-8510)
- NASL family: Fedora Local Security Checks
  - NASL id: FEDORA_2014-1828.NASL
  - description: Update to 0.31, which is based on gcc 4.8.2 and thus fixes CVE-2012-3509
  - last seen: 2020-03-17
  - modified: 2014-02-10
  - plugin id: 72406
  - published: 2014-02-10
  - reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
  - source: https://www.tenable.com/plugins/nessus/72406
  - title: Fedora 19 : ghdl-0.31-1.fc19 (2014-1828)
- NASL family: Ubuntu Local Security Checks
  - NASL id: UBUNTU_USN-2496-1.NASL
  - description: Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Bock discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501) Hanno Bock discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502) Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737) Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738) Hanno Bock discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503) Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash); the GNU C library
  - last seen: 2020-06-01
  - modified: 2020-06-02
  - plugin id: 81255
  - published: 2015-02-10
  - reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - source: https://www.tenable.com/plugins/nessus/81255
  - title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1)
References
- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411
- http://gcc.gnu.org/ml/gcc-patches/2012-08/msg01986.html
- http://security-tracker.debian.org/tracker/CVE-2012-3509
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:029
- http://www.openwall.com/lists/oss-security/2012/08/29/3
- http://www.securityfocus.com/bid/55281
- http://www.ubuntu.com/usn/USN-2496-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78135