At a glance:

VD Number FG-VD-15-113
Date Discovered Nov 30, 2015
Risk
Impact Arbitrary Code Execution
Affected Software BinUtils Objdump
IPS Package Version 13.379

Zero-Day Advisory

Fortinet Discovers BinUtils Heap Overflow Vulnerability

Summary

Fortinet's FortiGuard Labs has discovered a Heap Overflow vulnerability in BinUtils Objdump software.

Objdump is a program for displaying various information about object files. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executable and other binary data.

A Heap Overflow vulnerability has been discovered in BinUtils Objdump. The vulnerability is caused by a crafted binary file which causes an out-of-bounds memory operation. It could allow malicious users to create code execution scenarios.

Solutions

FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

BinUtils.Objdump.Heap.Overflow
Released May 18, 2018

Users should update to the latest BinUtils package.

Timeline

Fortinet reported the vulnerability to BinUtils on December 1, 2015.

BinUtils confirmed the vulnerability on December 04, 2015.

BinUtils patched the vulnerability on December 07, 2015.

References

Acknowledgement

This vulnerability was discovered by Kushal Shah of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.