Day 38: Understanding Core Unix Components and their Historical Security Issues (binutils)
--
*More usage examples to be added soon!
Binutils
http://ftp.gnu.org/gnu/binutils/binutils-2.31.1.tar.xz
The Binutils package contains a linker, an assembler, and other tools for handling object files.
Installed Binaries
addr2line
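Translates program addresses to file names and line numbers; given an address and the name of an executable, it uses the debugging information in the executable to determine which source file and line number are associated with the address. The executable is named with -e and defaults to a.out, so in the session below the bare a.out argument is itself read as an address, which is why the first output line is ??:0.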
root@aflone:~# cat hello.c
#include <stdio.h>
int main()
{
    printf("hello\n");
    return 0;
}
root@aflone:~# gcc -g hello.c
root@aflone:~# objdump -d a.out | grep -a4 "<main>:"
40051e: ff d0 callq *%rax
400520: 5d pop %rbp
400521: e9 7a ff ff ff jmpq 4004a0 <register_tm_clones>

0000000000400526 <main>:
400526: 55 push %rbp
400527: 48 89 e5 mov %rsp,%rbp
40052a: bf c4 05 40 00 mov $0x4005c4,%edi
40052f: e8 cc fe ff ff callq 400400 <puts@plt>
root@aflone:~# addr2line a.out 400526
??:0
/root/hello.c:3
ar
Creates, modifies, and extracts from archives
as
An assembler that assembles the output of gcc into object files
c++filt
Used by the linker to de-mangle C++ and Java symbols and to keep overloaded functions from clashing
elfedit
Updates the ELF header of ELF files
gprof
Displays call graph profile data
ld
A linker that combines a number of object and archive files into a single file, relocating their data and tying up symbol references
ld.gold
A cut-down version of ld that only supports the ELF object file format
ld.bfd
Hard link to ld
nm
Lists the symbols occurring in a given object file
objcopy
Translates one type of object file into another
objdump
Displays information about the given object file, with options controlling the particular information to display; the information shown is useful to programmers who are working on the compilation tools
ranlib
Generates an index of the contents of an archive and stores it in the archive; the index lists all of the symbols defined by archive members that are relocatable object files
readelf
Displays information about ELF type binaries
size
Lists the section sizes and the total size for the given object files
strings
Outputs, for each given file, the sequences of printable characters that are of at least the specified length (defaulting to four); for object files, it prints, by default, only the strings from the initializing and loading sections while for other types of files, it scans the entire file
strip
Discards symbols from object files
Installed Libraries
libbfd
The Binary File Descriptor library
libopcodes
A library for dealing with opcodes — the “readable text” versions of instructions for the processor; it is used for building utilities like objdump
Directories
/usr/lib/ldscripts
Vulnerabilities
Top 10 Critical
- CVE-2005-4808
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
- CVE-2005-4807
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
- CVE-2006-2362
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.
- CVE-2014-8485
The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file.
- CVE-2014-8501
The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) and possibly have other unspecified impact via a crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable.
- CVE-2014-8502
Heap-based buffer overflow in the pe_print_edata function in bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a truncated export table in a PE file.
- CVE-2014-8503
Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted ihex file.
- CVE-2014-8504
Stack-based buffer overflow in the srec_scan function in bfd/srec.c in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact via a crafted file.
- CVE-2014-9939
ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.
- CVE-2017-7614
elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a “member access within null pointer” undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an “int main() {return 0;}” program.
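Several of the entries above sit in libbfd's parsers for text record formats (ihex.c, srec.c, tekhex.c), where a malformed length or a non-hex character in an untrusted file is what the parser trips over. As an added example (not code from binutils or from the original post), here is a strict check for a single Intel HEX record that could gate a file before a BFD-based tool opens it; the function names and return codes are assumptions, and the sample records are constructed.

```c
#include <stdio.h>
#include <string.h>

enum { IHEX_OK = 0, IHEX_BAD_START, IHEX_BAD_CHAR, IHEX_BAD_LENGTH, IHEX_BAD_SUM };

/* Decode one hex digit; -1 for anything else, so bad input is never used as a number. */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Validate one Intel HEX record of the form ":LLAAAATT<LL data bytes>CC". */
int ihex_check_record(const char *line)
{
    size_t n = strcspn(line, "\r\n");   /* length without the line ending */
    size_t nbytes;
    unsigned sum = 0;

    if (n == 0 || line[0] != ':')
        return IHEX_BAD_START;
    if ((n - 1) % 2 != 0 || (n - 1) / 2 < 5)   /* whole bytes, at least LL AAAA TT CC */
        return IHEX_BAD_LENGTH;
    nbytes = (n - 1) / 2;
    for (size_t i = 0; i < nbytes; i++) {
        int hi = hex_val(line[1 + 2 * i]);
        int lo = hex_val(line[2 + 2 * i]);
        if (hi < 0 || lo < 0)
            return IHEX_BAD_CHAR;
        unsigned byte = (unsigned)(hi << 4 | lo);
        if (i == 0 && byte + 5 != nbytes)      /* declared count must match what is present */
            return IHEX_BAD_LENGTH;
        sum += byte;
    }
    return (sum & 0xff) == 0 ? IHEX_OK : IHEX_BAD_SUM;  /* all bytes incl. checksum sum to 0 */
}

int main(void)
{
    /* Constructed samples: valid EOF record, oversized length field, non-hex digit. */
    const char *samples[] = { ":00000001FF", ":FF00000001", ":0000000GFF" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %d\n", samples[i], ihex_check_record(samples[i]));
    return 0;
}
```

The check rejects a record as soon as the declared byte count disagrees with the bytes actually present, so a length field is never trusted to size a copy.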