CVE-2019-7665 - In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in el

CVE-2019-7665

Summary

In elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.

References

Vulnerable Configurations

cpe:2.3:a:elfutils_project:elfutils:0.175:*:*:*:*:*:*:*
cpe:2.3:a:elfutils_project:elfutils:0.175:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 30-11-2021 - 19:53)
Impact:
Exploitability:

CWE

CWE-125

CAPEC

Infiltration of Hardware Development Environment
An attacker, leveraging the ability to manipulate components of primary support systems and tools within the development and production environments, inserts malicious software within the hardware and/or firmware development environment. The infiltration purpose is to alter developed hardware components in a system destined for deployment at the victim's organization, for the purpose of disruption or further compromise.
Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:N/A:P

redhat via4

advisories

bugzilla

id	1704754
title	elfutils xlate (cross-endian) functions might not convert an ELF Note header

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 7 is installed
oval oval:com.redhat.rhba:tst:20150364027

AND
comment elfutils is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197001
comment elfutils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369002

AND

comment elfutils-default-yama-scope is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197003
comment elfutils-default-yama-scope is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192197004

AND

comment elfutils-devel is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197005
comment elfutils-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369004

AND

comment elfutils-devel-static is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197007
comment elfutils-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369006

AND

comment elfutils-libelf is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197009
comment elfutils-libelf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369008

AND

comment elfutils-libelf-devel is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197011
comment elfutils-libelf-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369010

AND

comment elfutils-libelf-devel-static is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197013
comment elfutils-libelf-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369012

AND
comment elfutils-libs is earlier than 0:0.176-2.el7
oval oval:com.redhat.rhsa:tst:20192197015
comment elfutils-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369014

rhsa

id	RHSA-2019:2197
released	2019-08-06
severity	Low
title	RHSA-2019:2197: elfutils security, bug fix, and enhancement update (Low)

bugzilla

id	1705138
title	elfutils xlate (cross-endian) functions might not convert an ELF Note header

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 8 is installed
oval oval:com.redhat.rhba:tst:20193384074

AND
comment elfutils is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575001
comment elfutils is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369002

AND

comment elfutils-debugsource is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575003
comment elfutils-debugsource is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20193575004

AND

comment elfutils-default-yama-scope is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575005
comment elfutils-default-yama-scope is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20192197004

AND

comment elfutils-devel is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575007
comment elfutils-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369004

AND

comment elfutils-devel-static is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575009
comment elfutils-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369006

AND

comment elfutils-libelf is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575011
comment elfutils-libelf is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369008

AND

comment elfutils-libelf-devel is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575013
comment elfutils-libelf-devel is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369010

AND

comment elfutils-libelf-devel-static is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575015
comment elfutils-libelf-devel-static is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369012

AND
comment elfutils-libs is earlier than 0:0.176-5.el8
oval oval:com.redhat.rhsa:tst:20193575017
comment elfutils-libs is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhea:tst:20150369014

rhsa

id	RHSA-2019:3575
released	2019-11-05
severity	Low
title	RHSA-2019:3575: elfutils security, bug fix, and enhancement update (Low)

rpms

elfutils-0:0.176-2.el7
elfutils-debuginfo-0:0.176-2.el7
elfutils-default-yama-scope-0:0.176-2.el7
elfutils-devel-0:0.176-2.el7
elfutils-devel-static-0:0.176-2.el7
elfutils-libelf-0:0.176-2.el7
elfutils-libelf-devel-0:0.176-2.el7
elfutils-libelf-devel-static-0:0.176-2.el7
elfutils-libs-0:0.176-2.el7
elfutils-0:0.176-5.el8
elfutils-debuginfo-0:0.176-5.el8
elfutils-debugsource-0:0.176-5.el8
elfutils-default-yama-scope-0:0.176-5.el8
elfutils-devel-0:0.176-5.el8
elfutils-devel-static-0:0.176-5.el8
elfutils-libelf-0:0.176-5.el8
elfutils-libelf-debuginfo-0:0.176-5.el8
elfutils-libelf-devel-0:0.176-5.el8
elfutils-libelf-devel-static-0:0.176-5.el8
elfutils-libs-0:0.176-5.el8
elfutils-libs-debuginfo-0:0.176-5.el8

refmap via4

misc	https://sourceware.org/bugzilla/show_bug.cgi?id=24089 https://sourceware.org/ml/elfutils-devel/2019-q1/msg00049.html
mlist	[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update
suse	openSUSE-SU-2019:1590
ubuntu	USN-4012-1

Last major update

30-11-2021 - 19:53

Published

09-02-2019 - 16:29

Last modified

30-11-2021 - 19:53