Day 38: Understanding Core Unix Components and their Historical Security Issues (binutils)

Binutils

Installed Binaries

addr2line

root@aflone:~# cat hello.c 
#include <stdio.h>
int main()
{
printf("hello\n");
return 0;
}
root@aflone:~# gcc -g hello.c
root@aflone:~# objdump -d a.out | grep -a4 "<main>:"
40051e: ff d0 callq *%rax
400520: 5d pop %rbp
400521: e9 7a ff ff ff jmpq 4004a0 <register_tm_clones>
0000000000400526 <main>:
400526: 55 push %rbp
400527: 48 89 e5 mov %rsp,%rbp
40052a: bf c4 05 40 00 mov $0x4005c4,%edi
40052f: e8 cc fe ff ff callq 400400 <puts@plt>
root@aflone:~# addr2line a.out 400526
??:0
/root/hello.c:3

ar

as

c++filt

elfedit

gprof

ld

ld.gold

ld.bfd

nm

objcopy

objdump

ranlib

readelf

size

strings

strip

Installed Libraries

libbfd

libopcodes

Directories

/usr/lib/ldscripts

Vulnerabilities

Top 10 Critical

  • CVE-2005–4808
    Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
  • CVE-2005–4807
    Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
  • CVE-2006–2362
    Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
  • CVE-2014–8485
    The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
  • CVE-2014–8501
    The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
  • CVE-2014–8502
    Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
  • CVE-2014–8503
    Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
  • CVE-2014–8504
    Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
  • CVE-2014–9939
    ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
  • CVE-2017–7614
    elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a “member access within null pointer” undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an “int main() {return 0;}” program.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store