ID de Prueba:	1.3.6.1.4.1.25623.1.0.120610
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2015-620)
Resumen:	The remote host is missing an update for the 'binutils' package(s) announced via the ALAS-2015-620 advisory.
Descripción:	Summary: The remote host is missing an update for the 'binutils' package(s) announced via the ALAS-2015-620 advisory. Vulnerability Insight: A directory traversal flaw was found in the strip and objcopy utilities. A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities. A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility. An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash. A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application. A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility. A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility. A stack-based buffer overflow flaw was found in the way objdump processed IHEX files. A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump. It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files. Affected Software/OS: 'binutils' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8484 BugTraq ID: 70714 http://www.securityfocus.com/bid/70714 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145742.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145262.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145328.html https://security.gentoo.org/glsa/201612-24 http://www.mandriva.com/security/advisories?name=MDVSA-2015:029 http://openwall.com/lists/oss-security/2014/10/23/5 http://www.openwall.com/lists/oss-security/2014/10/26/2 http://secunia.com/advisories/62241 http://secunia.com/advisories/62746 http://www.ubuntu.com/usn/USN-2496-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8485 BugTraq ID: 70741 http://www.securityfocus.com/bid/70741 http://lcamtuf.blogspot.co.uk/2014/10/psa-dont-run-strings-on-untrusted-files.html Common Vulnerability Exposure (CVE) ID: CVE-2014-8501 BugTraq ID: 70866 http://www.securityfocus.com/bid/70866 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147354.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147346.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148427.html http://www.openwall.com/lists/oss-security/2014/10/26/3 http://www.openwall.com/lists/oss-security/2014/10/31/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8502 BugTraq ID: 70869 http://www.securityfocus.com/bid/70869 Common Vulnerability Exposure (CVE) ID: CVE-2014-8503 BugTraq ID: 70868 http://www.securityfocus.com/bid/70868 Common Vulnerability Exposure (CVE) ID: CVE-2014-8504 BugTraq ID: 70761 http://www.securityfocus.com/bid/70761 http://www.openwall.com/lists/oss-security/2014/10/27/4 http://www.openwall.com/lists/oss-security/2014/10/27/5 Common Vulnerability Exposure (CVE) ID: CVE-2014-8737 BugTraq ID: 70908 http://www.securityfocus.com/bid/70908 http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145256.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145746.html http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145352.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148438.html http://www.openwall.com/lists/oss-security/2014/11/13/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-8738 BugTraq ID: 71083 http://www.securityfocus.com/bid/71083 Debian Security Information: DSA-3123 (Google Search) http://www.debian.org/security/2015/dsa-3123 http://www.openwall.com/lists/oss-security/2014/11/02/4 http://www.openwall.com/lists/oss-security/2014/11/05/7 http://www.openwall.com/lists/oss-security/2014/11/13/2
Copyright	Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.