Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3123.NASL
HistoryJan 12, 2015 - 12:00 a.m.

Debian DSA-3123-1 : binutils - security update

2015-01-1200:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.049

Percentile

92.9%

JSON

Multiple security issues have been found in binutils, a toolbox for binary file manipulation. These vulnerabilities include multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, the bypass of security restrictions, path traversal attack or denial of service.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3123. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(80444);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-8484", "CVE-2014-8485", "CVE-2014-8501", "CVE-2014-8502", "CVE-2014-8503", "CVE-2014-8504", "CVE-2014-8737", "CVE-2014-8738");
  script_bugtraq_id(70714, 70741, 70761, 70866, 70868, 70869, 70908, 71083);
  script_xref(name:"DSA", value:"3123");

  script_name(english:"Debian DSA-3123-1 : binutils - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues have been found in binutils, a toolbox for
binary file manipulation. These vulnerabilities include multiple
memory safety errors, buffer overflows, use-after-frees and other
implementation errors may lead to the execution of arbitrary code, the
bypass of security restrictions, path traversal attack or denial of
service."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/binutils"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3123"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the binutils packages.

For the stable distribution (wheezy), these problems have been fixed
in version 2.22-8+deb7u2."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:binutils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/01/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"binutils", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-dev", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-doc", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-gold", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-multiarch", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-source", reference:"2.22-8+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"binutils-spu", reference:"2.22-8+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxbinutilsp-cpe:/a:debian:debian_linux:binutils
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

Related

nessus 27
openvas 23
redhat 1
centos 1
ibm 3
amazon 1
osv 2
debian 3
mageia 2
oraclelinux 1
archlinux 4
securityvulns 2
gentoo 1
fedora 10
ubuntu 2
freebsd 1
prion 8
veracode 8
cve 8
ubuntucve 8
nvd 8
debiancve 8
cvelist 8
cloudfoundry 1
photon 2
nessus
nessus
Fedora 21 : avr-binutils-2.24-4.fc21 (2014-14995)
2014-12-07 00:00:00
CentOS 7 : binutils (CESA-2015:2079)
2015-12-02 00:00:00
SuSE 11.3 Security Update : binutils (SAT Patch Number 10214)
2015-01-29 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-2079)
2015-11-24 00:00:00
RedHat Update for binutils RHSA-2015:2079-09
2015-11-20 00:00:00
Debian: Security Advisory (DSA-3123-2)
2015-01-08 00:00:00
redhat
redhat
(RHSA-2015:2079) Moderate: binutils security, bug fix, and enhancement update
2015-11-19 14:38:00
centos
centos
binutils security update
2015-11-30 19:23:41
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Gnu binutils affect PowerKVM
2018-06-18 01:30:35
Security Bulletin: A vulnerability in binutils affects IBM Flex System Manager (FSM): (CVE-2014-8501, CVE-2014-8502, CVE-2014-8503)
2019-01-31 01:45:01
Security Bulletin: Vulnerabilities in binutils affect IBM Chassis Management Module (CMM) (CVE-2014-8501 CVE-2014-8502 CVE-2014-8503)
2019-01-31 02:10:01
amazon
amazon
Medium: binutils
2015-12-14 10:00:00
osv
osv
binutils - security update
2015-01-09 00:00:00
binutils - security update
2015-03-28 00:00:00
debian
debian
[SECURITY] [DLA 184-1] binutils security update
2015-03-28 18:38:23
[SECURITY] [DSA 3123-1] binutils security update
2015-01-09 20:52:35
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
2015-01-13 18:48:50
mageia
mageia
Updated binutils packages fix security vulnerabilities
2015-01-19 19:47:36
Updated gdb packages fix security vulnerability
2018-01-03 17:22:14
oraclelinux
oraclelinux
binutils security, bug fix, and enhancement update
2015-11-23 00:00:00
archlinux
archlinux
mingw-w64-binutils: multiple issues
2014-11-19 00:00:00
binutils: multiple issues
2014-11-19 00:00:00
arm-none-eabi-binutils: multiple issues
2014-11-19 00:00:00
securityvulns
securityvulns
GNU binutils multiple security vulnerabilities
2015-01-14 00:00:00
[SECURITY] [DSA 3123-2] binutils-mingw-w64 security update
2015-01-14 00:00:00
gentoo
gentoo
Binutils: Multiple vulnerabilities
2016-12-08 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: avr-binutils-2.24-4.fc21
2014-12-06 10:04:44
[SECURITY] Fedora 20 Update: arm-none-eabi-binutils-cs-2014.05.28-3.fc20
2014-12-06 02:37:17
[SECURITY] Fedora 21 Update: arm-none-eabi-binutils-cs-2014.05.28-3.fc21
2014-12-06 10:09:21
ubuntu
ubuntu
GNU binutils vulnerabilities
2015-02-09 00:00:00
gdb vulnerabilities
2017-07-26 00:00:00
freebsd
freebsd
GNU binutils -- multiple vulnerabilities
2014-12-09 00:00:00
prion
prion
Heap overflow
2014-12-09 23:59:00
Out-of-bounds
2014-12-09 23:59:00
Directory traversal
2014-12-09 23:59:00
veracode
veracode
Denial Of Service (DoS)
2020-12-06 04:26:31
Arbitrary File Write
2020-12-06 04:20:04
Denial Of Service (DoS)
2020-12-06 04:20:03
cve
cve
CVE-2014-8502
2014-12-09 23:59:04
CVE-2014-8737
2014-12-09 23:59:07
CVE-2014-8501
2014-12-09 23:59:03
ubuntucve
ubuntucve
CVE-2014-8501
2014-12-09 00:00:00
CVE-2014-8502
2014-12-09 00:00:00
CVE-2014-8737
2014-12-09 00:00:00
nvd
nvd
CVE-2014-8501
2014-12-09 23:59:03
CVE-2014-8737
2014-12-09 23:59:07
CVE-2014-8502
2014-12-09 23:59:04
debiancve
debiancve
CVE-2014-8502
2014-12-09 23:59:04
CVE-2014-8737
2014-12-09 23:59:07
CVE-2014-8503
2014-12-09 23:59:05
cvelist
cvelist
CVE-2014-8737
2014-12-09 22:52:00
CVE-2014-8501
2014-12-09 22:52:00
CVE-2014-8502
2014-12-09 22:52:00
cloudfoundry
cloudfoundry
USN-3367-1: gdb vulnerabilities | Cloud Foundry
2017-08-04 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0414
2023-06-20 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0601
2023-06-20 00:00:00

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.049

Percentile

92.9%

JSON
Related for DEBIAN_DSA-3123.NASL
nessus27openvas23redhat1centos1ibm3amazon1osv2debian3mageia2oraclelinux1archlinux4securityvulns2gentoo1fedora10ubuntu2freebsd1prion8veracode8cve8ubuntucve8nvd8debiancve8cvelist8cloudfoundry1photon2