CVE-2021-45078

7.8 HIGH

📋 TL;DR

This vulnerability in GNU Binutils allows attackers to trigger a heap-based buffer overflow via the stab_xcoff_builtin_type function in stabs.c. It can cause denial of service or potentially allow arbitrary code execution. Anyone using affected versions of Binutils tools (like objdump, readelf, or gdb) to process maliciously crafted files is vulnerable.

💻 Affected Systems

Products:
  • GNU Binutils
Versions: All versions through 2.37
Operating Systems: Linux, Unix-like systems, Any OS using Binutils
Default Config Vulnerable: ⚠️ Yes
Notes: This vulnerability stems from an incorrect fix for CVE-2018-12699. The issue is triggered when processing XCOFF debug information in object files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise if exploited through processing of malicious input files.

🟠 Likely Case: Denial of service (crash) when processing specially crafted object files or debug information.

🟢 If Mitigated: Limited to denial of service if exploit attempts are blocked by security controls.

🌐 Internet-Facing: MEDIUM - Exploitation requires processing malicious files, which could occur through file uploads or automated analysis services.
🏢 Internal Only: MEDIUM - Developers and build systems using Binutils could be targeted via malicious source code or object files.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Proof-of-concept exists in the bug report. Exploitation requires the victim to process a malicious file with Binutils tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Binutils 2.38 and later

Vendor Advisory: https://sourceware.org/bugzilla/show_bug.cgi?id=28694

Restart Required: No

Instructions:

1. Update Binutils to version 2.38 or later.
2. On Linux distributions, use the package manager:

   sudo apt update && sudo apt upgrade binutils    (Debian/Ubuntu)
   sudo yum update binutils                        (RHEL/CentOS)

3. Recompile any software that statically links Binutils.

🔧 Temporary Workarounds

Restrict file processing (all platforms)

Limit processing of untrusted object files with Binutils tools.

Use sandboxing (linux)

Run Binutils tools in isolated containers or sandboxes when processing untrusted files, with no network access and a read-only mount of the input directory:

docker run --rm --network none -v "$(pwd):/files:ro" ubuntu binutils-command /files/untrusted.o

Replace binutils-command with the tool you need (for example objdump). The stock ubuntu image does not include Binutils, so install the binutils package in a derived image (or inside the container) before running the command.

🧯 If You Can't Patch

  • Implement strict input validation for files processed by Binutils tools.
  • Monitor and log crashes of Binutils-related processes for detection of exploitation attempts.

🔍 How to Verify

Check if Vulnerable:

Check the Binutils version with 'ld --version' or 'objdump --version'. If the version is 2.37 or earlier, the system is vulnerable.

Check Version:

ld --version | head -1

Verify Fix Applied:

After update, verify version is 2.38 or later: 'ld --version | head -1'.
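The version check above, as an added example that is not part of this advisory or of the Binutils project: a POSIX sh script that parses the first line of 'ld --version' (or 'objdump --version') and reports whether the upstream release is 2.37 or earlier. The banner formats it handles and the tool names are assumptions based on common distribution builds.

```shell
#!/bin/sh
# Added example (not from the advisory or the Binutils project): parse the first
# line of `ld --version` / `objdump --version` and decide whether the upstream
# release is 2.37 or earlier (affected) or 2.38 or later (fixed).
# Banner formats and tool names below are assumptions about common distro builds.

# Print the leading "major.minor" found in a version banner, e.g.
#   "GNU ld (GNU Binutils for Ubuntu) 2.38"  -> 2.38
#   "GNU objdump (GNU Binutils) 2.37.90"     -> 2.37
#   "GNU ld version 2.30-93.el8"             -> 2.30
# Prints nothing if no dotted version number is present.
binutils_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# True (exit 0) when major.minor is an affected upstream release, i.e. <= 2.37.
binutils_version_affected() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor%%.*}
    [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 37 ]; }
}

# Check a tool installed on this host. Exit status: 0 affected, 1 fixed, 2 unknown.
check_installed_binutils() {
    tool=${1:-ld}
    banner=$("$tool" --version 2>/dev/null | head -n 1)
    [ -n "$banner" ] || { echo "$tool: not found or printed no version"; return 2; }
    ver=$(binutils_version_from_banner "$banner")
    [ -n "$ver" ] || { echo "$tool: could not parse a version from: $banner"; return 2; }
    if binutils_version_affected "$ver"; then
        echo "$tool: upstream $ver (<= 2.37) is affected unless your distribution backported the fix"
        return 0
    fi
    echo "$tool: upstream $ver (>= 2.38) includes the fix"
    return 1
}

# Usage: sh check_binutils.sh ld   (or objdump, readelf, ...)
if [ "$#" -gt 0 ]; then
    check_installed_binutils "$1"
fi
```

Distributions frequently backport security fixes without changing the upstream version number, so a 2.37-or-earlier result from this script means "check the package changelog or your distribution's advisory", not necessarily "still vulnerable".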

📡 Detection & Monitoring

Log Indicators:

  • Segmentation faults or abnormal termination of Binutils tools (objdump, readelf, ld)
  • Core dumps from Binutils processes

Network Indicators:

  • Unusual file transfers to systems running Binutils tools
  • Uploads of object files to web services that process them

SIEM Query:

process_name IN ('objdump', 'readelf', 'ld', 'gdb') AND exit_code = 139

(139 is the shell-reported status 128 + 11 for a process killed by SIGSEGV, a segmentation fault.)
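As an added example (not from this advisory), the log indicators above turned into a small scanner: a POSIX sh function that reads syslog-style lines and reports kernel segfault records and systemd-coredump "dumped core" records for Binutils tools. The sample lines in SAMPLE_LOG are constructed, and the record formats and tool list are assumptions about a typical Linux host. Note that a heap overflow caught by glibc's malloc integrity checks ends in SIGABRT (exit status 134) rather than SIGSEGV, so a query keyed only on exit code 139 misses that case; the core-dump records below catch both.

```shell
#!/bin/sh
# Added example (not from the advisory): pick out crash records for Binutils tools
# from syslog-style lines, as a starting point for the log indicators above.
# SAMPLE_LOG is constructed; the tool list and record formats (kernel segfault
# lines, systemd-coredump "dumped core" lines) are assumptions about a Linux host.

BINUTILS_TOOLS='objdump|readelf|ld|gdb|nm|strings|objcopy|addr2line'

# Constructed sample input: an objdump segfault plus its core dump, an unrelated
# browser crash, an ld core dump, and an ordinary sshd line.
SAMPLE_LOG='Mar 14 10:02:11 build01 kernel: objdump[4711]: segfault at 0 ip 00007f3a12c4b1e2 sp 00007ffd1c8e1a40 error 4 in libbfd-2.37-system.so[7f3a12b00000+1f0000]
Mar 14 10:02:11 build01 systemd-coredump[4712]: Process 4711 (objdump) of user 1000 dumped core.
Mar 14 10:05:42 build01 kernel: firefox[2201]: segfault at 10 ip 00007f0000001000 sp 00007ffd00000000 error 6 in libxul.so[7f0000000000+4000000]
Mar 14 10:09:03 build01 systemd-coredump[4801]: Process 4790 (ld) of user 1000 dumped core.
Mar 14 10:10:00 build01 sshd[1000]: Accepted publickey for dev from 10.0.0.5 port 51234 ssh2'

# Read log lines on stdin; print "segfault TOOL pid=N" or "coredump TOOL pid=N"
# for each crash record whose process name is one of BINUTILS_TOOLS.
scan_binutils_crashes() {
    awk -v tools="^(${BINUTILS_TOOLS})\$" '
        # kernel record: "... kernel: objdump[4711]: segfault at ..."
        match($0, /kernel: [A-Za-z0-9_.-]+\[[0-9]+\]: segfault/) {
            rec = substr($0, RSTART + 8, RLENGTH - 8)   # "objdump[4711]: segfault"
            match(rec, /\[[0-9]+\]/)
            tool = substr(rec, 1, RSTART - 1)
            pid = substr(rec, RSTART + 1, RLENGTH - 2)
            if (tool ~ tools) print "segfault " tool " pid=" pid
            next
        }
        # systemd-coredump record: "... Process 4711 (objdump) of user 1000 dumped core."
        match($0, /Process [0-9]+ \([A-Za-z0-9_.-]+\) of user [0-9]+ dumped core/) {
            rec = substr($0, RSTART, RLENGTH)
            split(rec, p, " ")                           # p[2]=pid, p[3]="(objdump)"
            tool = p[3]
            gsub(/[()]/, "", tool)
            if (tool ~ tools) print "coredump " tool " pid=" p[2]
        }'
}

# Run the scanner over the constructed sample.
scan_sample_log() {
    printf '%s\n' "$SAMPLE_LOG" | scan_binutils_crashes
}

# Number of crash records found in the sample.
count_sample_crashes() {
    scan_sample_log | wc -l | tr -d ' '
}

scan_sample_log
```

On a real host, feed it 'journalctl -k' or /var/log/syslog instead of the sample. Build servers and fuzzing rigs crash these tools on malformed input routinely, so alert on crashes from hosts or users where untrusted object files are not expected rather than on every match.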
