The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

vulnerability CVE-2016-4487 CVE-2016-4488 CVE-2016-4489

binutils/libiberty: seven vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.
Impacted software: GAiA, CheckPoint IP Appliance, SecurePlatform, CheckPoint Security Appliance, CheckPoint Security Gateway, Debian, Ubuntu.
Severity of this computer vulnerability: 2/4.
Consequences of an attack: administrator access/rights, privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Attacker's origin: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 18/07/2016.
Références of this announce: CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, DLA-552-1, sk116495, USN-3337-1, USN-3367-1, USN-3368-1, VIGILANCE-VUL-20140.

Description of the vulnerability

Several vulnerabilities were announced in binutils/libiberty.

An attacker can force the usage of a freed memory area via btypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4487]

An attacker can force the usage of a freed memory area via ktypevec, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4488]

An attacker can generate an integer overflow, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4489]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4490]

An attacker can generate an infinite loop via d_print_comp(), in order to trigger a denial of service. [severity:1/4; CVE-2016-4491]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:2/4; CVE-2016-4492]

An attacker can force a read at an invalid address, in order to trigger a denial of service, or to obtain sensitive information. [severity:1/4; CVE-2016-4493]
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a networks vulnerabilities patch. The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system. Each administrator can customize the list of products for which he wants to receive vulnerability alerts. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.