Security Bulletin
Summary
Open Source Binutils is used by IBM Netezza Analytics. IBM Netezza Analytics has addressed the applicable CVEs.
Vulnerability Details
CVEID: CVE-2018-10534
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds memory write in the _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142630 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10535
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in the ignore_section_sym function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142629 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-6323
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an unsigned integer overflow in the elf_object_p function in elfcode.h in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138359 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-6543
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the load_specific_debug_section() function in objdump.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138675 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7568
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by integer overflow in the parse_die function in dwarf1.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with corrupt dwarf1 debug information, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139775 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7569
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer underflow or overflow in the read_attribute_value function in dwarf2.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file with a corrupt DWARF FORM block, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139774 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7570
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a NULL pointer dereference in the assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library. By persuading a victim to open a specially-crafted ELF file, a remote attacker could cause a denial of service.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139773 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7642
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by aout_32_swap_std_reloc_out NULL pointer dereference in the swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139810 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-7643
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the display_debug_ranges function in dwarf.c. By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/139809 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10372
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by heap-based buffer over-read in process_cu_tu_index in dwarf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted ELF file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142399 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2018-10373
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by NULL pointer dereference in concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/142402 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-17080
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by the bfd_getl32 heap-based buffer over-read in the elf.c in the Binary File Descriptor (BFD) library (aka libbfd). By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 3.3
CVSS Temporal Score: https://exchange.xforce.ibmcloud.com/vulnerabilities/135756 for more information
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
CVEID: CVE-2017-16832
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the pe_bfd_read_buildid function in peicode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134961 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16831
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the coff_get_normalized_symtab function in coffgen.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134960 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16830
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow in the print_gnu_property_note function in readelf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134959 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16829
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an out-of-bounds read in the _bfd_elf_parse_gnu_properties function in elf-properties.c in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134958 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16828
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an integer overflow and heap-based buffer over-read flaw in the display_debug_frames function in dwarf.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134957 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16827
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by a slurp_symtab invalid free flaw in the aout_get_external_symbols function in aoutx.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134956 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CVEID: CVE-2017-16826
DESCRIPTION: GNU Binutils is vulnerable to a denial of service, caused by an invalid memory access flaw in the coff_slurp_line_table function in coffcode.h in libbfd. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 5.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134953 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
Affected Products and Versions
IBM Netezza Analytics 1.2.4, 2.0-2.3, 3.0-3.0.2, 3.2-3.2.6, 3.3-3.3.3
Remediation/Fixes
| Product | VRMF | Remediation / First Fix |
|---|---|---|
| IBM Netezza Analytics | 3.3.4 | Link to Fix Central |
Workarounds and Mitigations
None
Get Notified about Future Security Bulletins
References
Change History
22 October 2018: Original version published
*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.
Disclaimer
Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.
Was this topic helpful?
Document Information
Modified date:
17 October 2019
UID
ibm10733785