Vulnerabilities > CVE-2014-0172 - Numeric Errors vulnerability in Elfutils Project Elfutils

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

elfutils-project

CWE-189

nessus

NVD

Published: 2014-04-11

Updated: 2017-07-01

Summary

Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Elfutils_Project Elfutils Project Elfutils 0.153 Elfutils Project Elfutils 0.154 Elfutils Project Elfutils 0.155 Elfutils Project Elfutils 0.156 Elfutils Project Elfutils 0.157 Elfutils Project Elfutils 0.158	6

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-5015.NASL
description	Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw. Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-04-21
plugin id	73627
published	2014-04-21
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73627
title	Fedora 20 : elfutils-0.158-3.fc20 (2014-5015)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5015. # include("compat.inc"); if (description) { script_id(73627); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0172"); script_bugtraq_id(66714); script_xref(name:"FEDORA", value:"2014-5015"); script_name(english:"Fedora 20 : elfutils-0.158-3.fc20 (2014-5015)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw. Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1085663" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/131861.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?804a0ebe" ); script_set_attribute( attribute:"solution", value:"Update the affected elfutils package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/21"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^20([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC20", reference:"elfutils-0.158-3.fc20")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils"); }

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201612-32.NASL
description	The remote host is affected by the vulnerability described in GLSA-201612-32 (elfutils: Heap-based buffer overflow) An integer overflow, in the check_section function of dwarf_begin_elf.c, in the libdw library can lead to a heap-based buffer overflow. Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	95735
published	2016-12-13
reporter	This script is Copyright (C) 2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/95735
title	GLSA-201612-32 : elfutils: Heap-based buffer overflow
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201612-32. # # The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(95735); script_version("$Revision: 3.1 $"); script_cvs_date("$Date: 2016/12/13 18:01:19 $"); script_cve_id("CVE-2014-0172"); script_xref(name:"GLSA", value:"201612-32"); script_name(english:"GLSA-201612-32 : elfutils: Heap-based buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201612-32 (elfutils: Heap-based buffer overflow) An integer overflow, in the check_section function of dwarf_begin_elf.c, in the libdw library can lead to a heap-based buffer overflow. Impact : A remote attacker could entice a user to open a specially crafted file, possibly resulting in the execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201612-32" ); script_set_attribute( attribute:"solution", value: "All elfutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/elfutils-0.159'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2016/12/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-libs/elfutils", unaffected:make_list("ge 0.159"), vulnerable:make_list("lt 0.159"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2014-345.NASL
description	Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
last seen	2020-06-01
modified	2020-06-02
plugin id	78288
published	2014-10-12
reporter	This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/78288
title	Amazon Linux AMI : elfutils (ALAS-2014-345)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2014-345. # include("compat.inc"); if (description) { script_id(78288); script_version("1.3"); script_cvs_date("Date: 2018/04/18 15:09:35"); script_cve_id("CVE-2014-0172"); script_xref(name:"ALAS", value:"2014-345"); script_name(english:"Amazon Linux AMI : elfutils (ALAS-2014-345)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2014-345.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update elfutils' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-libelf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-libelf-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-libelf-devel-static"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:elfutils-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2014/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/10/12"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"elfutils-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-debuginfo-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-devel-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-devel-static-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-libelf-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-libelf-devel-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-libelf-devel-static-0.158-3.16.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"elfutils-libs-0.158-3.16.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils / elfutils-debuginfo / elfutils-devel / etc"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2014-5031.NASL
description	Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw. Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-03-17
modified	2014-04-30
plugin id	73773
published	2014-04-30
reporter	This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/73773
title	Fedora 19 : elfutils-0.158-3.fc19 (2014-5031)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2014-5031. # include("compat.inc"); if (description) { script_id(73773); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2014-0172"); script_bugtraq_id(66714); script_xref(name:"FEDORA", value:"2014-5031"); script_name(english:"Fedora 19 : elfutils-0.158-3.fc19 (2014-5031)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2014-0172 elfutils: integer overflow, leading to a heap-based buffer overflow in libdw. Update to 0.158. Support for aarch64. Unwinder support for i386, x86_64, s390, s390x, ppc and ppc64. Add eu-stack. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1085663" ); # https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132287.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?3b8b28f9" ); script_set_attribute( attribute:"solution", value:"Update the affected elfutils package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/04/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^19([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC19", reference:"elfutils-0.158-3.fc19")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils"); }

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-2188-1.NASL
description	Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	73802
published	2014-05-01
reporter	Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/73802
title	Ubuntu 12.10 / 13.10 / 14.04 LTS : elfutils vulnerability (USN-2188-1)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-2188-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(73802); script_version("1.5"); script_cvs_date("Date: 2019/09/19 12:54:30"); script_cve_id("CVE-2014-0172"); script_bugtraq_id(66714); script_xref(name:"USN", value:"2188-1"); script_name(english:"Ubuntu 12.10 / 13.10 / 14.04 LTS : elfutils vulnerability (USN-2188-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Florian Weimer discovered that the elfutils libdw library incorrectly handled malformed compressed debug sections in ELF files. If a user or automated system were tricked into processing a specially crafted ELF file, applications linked against libdw could be made to crash, or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/2188-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libdw1 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libdw1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:13.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/11"); script_set_attribute(attribute:"patch_publication_date", value:"2014/04/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/01"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(12\.10\|13\.10\|14\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 12.10 / 13.10 / 14.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"12.10", pkgname:"libdw1", pkgver:"0.153-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"13.10", pkgname:"libdw1", pkgver:"0.157-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"14.04", pkgname:"libdw1", pkgver:"0.158-0ubuntu5.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libdw1"); }

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2015-104.NASL
description	Updated elfutils packages fix security vulnerabilities : The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw (such as eu-readelf) to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2014-0172). Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (CVE-2014-9447).
last seen	2020-06-01
modified	2020-06-02
plugin id	82357
published	2015-03-30
reporter	This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/82357
title	Mandriva Linux Security Advisory : elfutils (MDVSA-2015:104)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2015:104. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(82357); script_version("1.3"); script_cvs_date("Date: 2019/08/02 13:32:56"); script_cve_id("CVE-2014-0172", "CVE-2014-9447"); script_xref(name:"MDVSA", value:"2015:104"); script_name(english:"Mandriva Linux Security Advisory : elfutils (MDVSA-2015:104)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated elfutils packages fix security vulnerabilities : The libdw library provides support for accessing DWARF debugging information inside ELF files. An integer overflow flaw in check_section(), leading to a heap-based buffer overflow, was found in the libdw library. A malicious ELF file could cause an application using libdw (such as eu-readelf) to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2014-0172). Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (CVE-2014-9447)." ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2014-0177.html" ); script_set_attribute( attribute:"see_also", value:"http://advisories.mageia.org/MGASA-2015-0033.html" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:elfutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64elfutils-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64elfutils-static-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64elfutils1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2"); script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"elfutils-0.157-4.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64elfutils-devel-0.157-4.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64elfutils-static-devel-0.157-4.1.mbs2")) flag++; if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"lib64elfutils1-0.157-4.1.mbs2")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2014-491.NASL
description	Fix integer overflow in check_section (CVE-2014-0172, bnc#872785)
last seen	2020-06-05
modified	2014-08-12
plugin id	77135
published	2014-08-12
reporter	This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/77135
title	openSUSE Security Update : elfutils (openSUSE-SU-2014:0974-1)

Redhat

advisories

bugzilla

id	1077154
title	please backport upstream testcase libdwfl: test dwflsyms to the rhel rpm

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment elfutils-devel is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369001
comment elfutils-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369002
AND
comment elfutils is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369003
comment elfutils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369004

AND

comment elfutils-libelf-devel is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369005
comment elfutils-libelf-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369006

AND
comment elfutils-libelf is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369007
comment elfutils-libelf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369008
AND
comment elfutils-libs is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369009
comment elfutils-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369010

AND

comment elfutils-libelf-devel-static is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369011
comment elfutils-libelf-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369012

AND

comment elfutils-devel-static is earlier than 0:0.160-1.el7
oval oval:com.redhat.rhea:tst:20150369013
comment elfutils-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369014

rhsa

id	RHEA-2015:0369
released	2015-03-05
severity	None
title	RHEA-2015:0369: elfutils bug fix and enhancement update (None)

rpms

elfutils-0:0.160-1.el7
elfutils-debuginfo-0:0.160-1.el7
elfutils-devel-0:0.160-1.el7
elfutils-devel-static-0:0.160-1.el7
elfutils-libelf-0:0.160-1.el7
elfutils-libelf-devel-0:0.160-1.el7
elfutils-libelf-devel-static-0:0.160-1.el7
elfutils-libs-0:0.160-1.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References