ID CVE-2012-3509
Summary Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the "addition of CHUNK_HEADER_SIZE to the length," which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:libiberty
    cpe:2.3:a:gnu:libiberty
  • GNU Binutils 2.22
    cpe:2.3:a:gnu:binutils:2.22
  • Canonical Ubuntu Linux 14.10
    cpe:2.3:o:canonical:ubuntu_linux:14.10
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 12.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:lts
  • Canonical Ubuntu Linux 10.04 LTS
    cpe:2.3:o:canonical:ubuntu_linux:10.04:-:-:-:lts
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 5.0 (as of 25-08-2016 - 11:58)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-18300.NASL
    description - Thu Nov 15 2012 Patrick Monnerat 7.4.50-4.20120403cvs - Patch 'objalloc' to fix libiberty security bug CVE-2012-3509. https://bugzilla.redhat.com/show_bug.cgi?id=877014 - Enable Python to support STL extensions. https://bugzilla.redhat.com/show_bug.cgi?id=865554 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63040
    published 2012-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63040
    title Fedora 16 : insight-7.4.50-4.20120403cvs.fc16 (2012-18300)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-18311.NASL
    description - Thu Nov 15 2012 Patrick Monnerat 7.4.50-4.20120403cvs - Patch 'objalloc' to fix libiberty security bug CVE-2012-3509. https://bugzilla.redhat.com/show_bug.cgi?id=877014 - Enable Python to support STL extensions. https://bugzilla.redhat.com/show_bug.cgi?id=865554 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63041
    published 2012-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63041
    title Fedora 17 : insight-7.4.50-4.20120403cvs.fc17 (2012-18311)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-324.NASL
    description This update fixes several issues as described below. PR ld/12613 (no CVE assigned) Niranjan Hasabnis discovered that passing a malformed linker script to GNU ld, part of binutils, may result in a stack-based buffer overflow. If the linker is used with untrusted object files, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. CVE-2012-3509 #688951 Sang Kil Cha discovered that a buffer size calculation in libiberty, part of binutils, may result in integer overflow and then a heap buffer overflow. If libiberty or the commands in binutils are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. PR binutils/18750 (no CVE assigned) Joshua Rogers reported that passing a malformed ihex (Intel hexadecimal) file to various commands in binutils may result in a stack-based buffer overflow. A similar issue was found in readelf. If these commands are used to read untrusted binaries, this would allow remote attackers to cause a denial of service (crash) or possibly privilege escalation. For the oldoldstable distribution (squeeze), these problems have been fixed in version 2.20.1-16+deb6u2. For the oldstable distribution (wheezy) and the stable distribution (jessie), PR ld/12613 and CVE-2012-3509 were fixed before release, and PR binutils/18750 will be fixed in a later update. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 86227
    published 2015-10-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86227
    title Debian DLA-324-1 : binutils security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-18360.NASL
    description - Thu Nov 15 2012 Patrick Monnerat 7.4.50-4.20120403cvs - Patch 'objalloc' to fix libiberty security bug CVE-2012-3509. https://bugzilla.redhat.com/show_bug.cgi?id=877014 - Enable Python to support STL extensions. https://bugzilla.redhat.com/show_bug.cgi?id=865554 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 63042
    published 2012-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=63042
    title Fedora 18 : insight-7.4.50-4.20120403cvs.fc18 (2012-18360)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8528.NASL
    description Security patch for libiberty Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 76979
    published 2014-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76979
    title Fedora 19 : sdcc-3.3.0-1.fc19 (2014-8528)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-8510.NASL
    description Security patch for libiberty Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 76978
    published 2014-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76978
    title Fedora 20 : sdcc-3.3.0-1.fc20 (2014-8510)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2496-1.NASL
    description Michal Zalewski discovered that the setup_group function in libbfd in GNU binutils did not properly check group headers in ELF files. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8485) Hanno Bock discovered that the _bfd_XXi_swap_aouthdr_in function in libbfd in GNU binutils allowed out-of-bounds writes. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8501) Hanno Bock discovered a heap-based buffer overflow in the pe_print_edata function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8502) Alexander Cherepanov discovered multiple directory traversal vulnerabilities in GNU binutils. An attacker could use this to craft input that could delete arbitrary files. (CVE-2014-8737) Alexander Cherepanov discovered the _bfd_slurp_extended_name_table function in libbfd in GNU binutils allowed invalid writes when handling extended name tables in an archive. An attacker could use this to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2014-8738) Hanno Bock discovered a stack-based buffer overflow in the ihex_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash). (CVE-2014-8503) Michal Zalewski discovered a stack-based buffer overflow in the srec_scan function in libbfd in GNU binutils. An attacker could use this to craft input that could cause a denial of service (application crash); the GNU C library's Fortify Source printf protection should prevent the possibility of executing arbitrary code.
(CVE-2014-8504) Michal Zalewski discovered that the srec_scan function in libbfd in GNU binutils allowed out-of-bounds reads. An attacker could use this to craft input to cause a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 12.04 LTS, and Ubuntu 10.04 LTS. (CVE-2014-8484) Sang Kil Cha discovered multiple integer overflows in the _objalloc_alloc function and objalloc_alloc macro in binutils. This could allow an attacker to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 10.04 LTS. (CVE-2012-3509) Alexander Cherepanov and Hanno Bock discovered multiple additional out-of-bounds reads and writes in GNU binutils. An attacker could use these to craft input that could cause a denial of service (application crash) or possibly execute arbitrary code. A few of these issues may be limited in exposure to a denial of service (application abort) by the GNU C library's Fortify Source printf protection. The strings(1) utility in GNU binutils used libbfd by default when examining executable object files; unfortunately, libbfd was not originally developed with the expectation of hostile input. As a defensive measure, the behavior of strings has been changed to default to 'strings --all' behavior, which does not use libbfd; use the new argument to strings, '--data', to recreate the old behavior. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 81255
    published 2015-02-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81255
    title Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : binutils vulnerabilities (USN-2496-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2015-029.NASL
    description Multiple vulnerabilities have been found and corrected in binutils : Multiple integer overflows in the (1) _objalloc_alloc function in objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU libiberty, as used by binutils 2.22, allow remote attackers to cause a denial of service (crash) via vectors related to the addition of CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer overflow (CVE-2012-3509). The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before 2.25 allows remote attackers to cause a denial of service (out-of-bounds read) via a small S-record (CVE-2014-8484). The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file (CVE-2014-8485). The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable (CVE-2014-8501). Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file (CVE-2014-8502). Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file (CVE-2014-8503). Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file (CVE-2014-8504).
Multiple directory traversal vulnerabilities in GNU binutils 2.24 and earlier allow local users to delete arbitrary files via a .. (dot dot) or full path name in an archive to (1) strip or (2) objcopy or create arbitrary files via (3) a .. (dot dot) or full path name in an archive to ar (CVE-2014-8737). The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (invalid write, segmentation fault, and crash) via a crafted extended name table in an archive (CVE-2014-8738). The updated packages provide a solution for these security issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 81195
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81195
    title Mandriva Linux Security Advisory : binutils (MDVSA-2015:029-1)
refmap via4
bid 55281
mandriva MDVSA-2015:029
misc
mlist
  • [gcc-patches] 20120829 [PATCH] PR other/54411: libiberty: objalloc_alloc integer overflows (CVE-2012-3509)
  • [oss-security] 20120829 CVE-2012-3509: objalloc_alloc integer overflows in libiberty
ubuntu USN-2496-1
xf gnu-libiberty-overflow(78135)
Last major update 25-08-2016 - 12:03
Published 05-09-2012 - 19:55
Last modified 28-08-2017 - 21:31