CVE-2014-8501 Ubuntu Security Notification for Gdb Vulnerabilities (USN-3367-1)

2017年7月31日 3762点热度 0人点赞 0条评论

漏洞类别：Ubuntu

漏洞等级：

漏洞信息

It was discovered that gdb incorrectly handled certain malformed AOUT headers in PE executables.

It was discovered that gdb incorrectly handled printing bad bytes in Intel Hex objects.

It was discovered that gdb incorrectly handled certain string operations.

It was discovered that gdb incorrectly handled parsing certain binaries.

漏洞危害

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only applied to Ubuntu 14.04 LTS. (CVE-2014-8501)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. This issue only applied to Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131)

If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause gdb to crash, resulting in a denial of service. (CVE-2016-4491)

解决方案

Refer to Ubuntu advisory USN-3367-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3367-1: 14.04 (Kylin) on src (gdb)

USN-3367-1: 17.04 (zesty) on src (gdb)

USN-3367-1: 16.04 (Xenial) on src (gdb)

0daybank

CVE-2014-8501 Ubuntu Security Notification for Gdb Vulnerabilities (USN-3367-1)

文章评论