
Multiple Vulnerabilities in GNU Binutils and GNU libiberty Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:

2018-070

DATE(S) ISSUED:

06/25/2018

OVERVIEW:

Multiple vulnerabilities have been discovered in the GNU Binutils and GNU libiberty libraries, which could allow for arbitrary code execution when the user runs the command ‘objdump’. The GNU Binary Utilities, or Binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data, and assembly source code. GNU libiberty is a software library with a collection of subroutines used by various GNU programs, which is included in GNU Binutils. Successful exploitation of these vulnerabilities could cause denial-of-service conditions, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

The researcher who discovered this issue has created a proof-of-concept. Please see the references for more information.

SYSTEMS AFFECTED:

  • GNU Binutils 2.30 and possibly prior
  • GNU libiberty as distributed in GNU Binutils 2.30

RISK:

Government:
  • Large and medium government entities: MEDIUM
  • Small government entities: MEDIUM
Businesses:
  • Large and medium business entities: MEDIUM
  • Small business entities: MEDIUM
Home Users: LOW

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in the GNU Binutils and GNU libiberty libraries, which could allow for arbitrary code execution when the user runs the command ‘objdump’. These vulnerabilities exist within the libraries Binutils and libiberty, which are used by programmers working on creating and managing binary programs, object files, libraries, profile data, and assembly source code.

Details of these vulnerabilities are as follows:

  • GNU libiberty is prone to a memory-corruption vulnerability that occurs due to a NULL pointer dereference error. This issue exists in the 'work_stuff_copy_to_from()' function within the 'cplus-dem.c' source file during the execution of 'objdump'. (CVE-2018-12697)
  • GNU libiberty is prone to a memory-corruption vulnerability that occurs during the 'Create an array for saving the template argument values' XNEWVEC call. This issue exists in the 'demangle_template()' function within the 'cplus-dem.c' source file during the execution of 'objdump'. (CVE-2018-12698)
  • GNU Binutils is prone to a heap-based buffer-overflow vulnerability that occurs due to an out-of-bounds write error. This issue exists in the 'finish_stab()' function within the 'stabs.c' source file during the execution of 'objdump'. (CVE-2018-12699)
  • GNU Binutils is prone to a denial-of-service vulnerability that occurs due to stack exhaustion. This issue exists in the 'debug_write_type()' function in the 'debug.c' source file. An attacker can exploit this issue to cause 'DEBUG_KIND_INDIRECT' infinite recursion. (CVE-2018-12700)

Successful exploitation of these vulnerabilities could cause denial-of-service conditions, denying service to legitimate users. Given the nature of this issue, attackers may also be able to execute arbitrary code in the context of the application. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by the affected *nix distribution to the vulnerable systems, when they become available, immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
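
To support the two recommendations above, the following added example (not part of the original advisory) reads the banner printed by `objdump --version`, compares the upstream version with the 2.30 release named under SYSTEMS AFFECTED, and notes when it is run as root. The function names, result labels and sample banners are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): compare a local objdump against the
# release named under SYSTEMS AFFECTED ("GNU Binutils 2.30 and possibly prior").
ADVISORY_MAX="2.30"

# Pull the upstream version out of the first line of `objdump --version`.
# Constructed sample banners this handles:
#   GNU objdump (GNU Binutils for Ubuntu) 2.30
#   GNU objdump version 2.27-44.base.el7
parse_binutils_version() {
    printf '%s\n' "$1" |
        sed -n '1s/.*[[:space:]]\([0-9][0-9]*\.[0-9][0-9.]*\).*/\1/p'
}

# version_le A B: succeed when dotted numeric version A <= B.
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print "in-range <ver>", "above-range <ver>" or "unknown" for a banner.
# "above-range" only means newer than the release the advisory names; patch
# status still has to be confirmed with the distribution, which may also
# backport fixes without changing the upstream version.
classify_objdump() {
    case $1 in *GNU*) ;; *) echo "unknown"; return 0 ;; esac
    v=$(parse_binutils_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif version_le "$v" "$ADVISORY_MAX"; then echo "in-range $v"
    else echo "above-range $v"
    fi
}

# Report on the local toolchain, if one is installed.
if command -v objdump >/dev/null 2>&1; then
    echo "objdump: $(classify_objdump "$(objdump --version 2>/dev/null)")"
    if [ "$(id -u)" -eq 0 ]; then
        echo "note: running as root; inspect untrusted binaries from a non-privileged account"
    fi
fi
```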

REFERENCES:


CIS Control That Helps Avoid This Issue: CIS Control 3: Continuous Vulnerability Assessment and Remediation