oss-sec mailing list archives
Re: strings / libbfd crasher
From: cve-assign () mitre org
Date: Sun, 26 Oct 2014 18:05:01 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
First, here are the two current CVE assignments for libbfd in GNU binutils. More CVE assignments may occur later (in particular, see below about versados.c). Affected programs apparently include strings (on some but not all platforms) as well as objdump and nm. The readelf program is not affected. CVE-2014-8484 is for the incorrect decrements in cases of S-records that are too short. References are: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 http://openwall.com/lists/oss-security/2014/10/23/5 The available information at the moment is that this is fixed in binutils 2.25 (not yet available on the http://ftp.gnu.org/gnu/binutils/ site), whereas new discoveries in October 2014 might not all be fixed in 2.25. Regardless of the actual content of 2.25, CVE-2014-8484 will remain a separate CVE. http://openwall.com/lists/oss-security/2014/10/23/8 (i.e., the five-byte S100\n file) is not, by itself, an attack that crosses privilege boundaries in realistic circumstances, so this report is not currently part of any CVE. CVE-2014-8485 is for the current https://sourceware.org/bugzilla/show_bug.cgi?id=17510 content, i.e., incorrect "--n_elt / ++idx" code that makes the attachment 7846 and attachment 7848 attacks possible. The much earlier research by Tavis Ormandy is already covered by CVE-2005-1704. There is also CVE-2006-2362, which is an unrelated discovery. There is currently no CVE ID for the psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25, 2014 7:20 PM" comment about "another one related with PE file headers parsing." In general, a separate discovery that's potentially exploitable for code execution could have its own CVE ID. Does anyone want a CVE ID for that? Similarly, there are currently no CVE IDs for the https://sourceware.org/bugzilla/show_bug.cgi?id=16825 versados.c report. Does anyone want that report covered in CVE? Depending on exploitability, it would have approximately two CVE IDs. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUTW9VAAoJEKllVAevmvmswQ8IAIylWSMBjluWJVfD3DJtR8cf ij8mT0ODIzBlX/Nki29QcaRP20iUChqk+TMh7xHCFUe2p3gHm3dY+AilQSJk7hCh JYDC4yhKMe9bjA9YSnD8A9yUtDPww81wdOmdLHbKd31pN46pM3T6Bgu/IZv3zDbl UcEtBH7kYTK5SbZalDccMLTnkoT+SrGkvfOwoyyp2yoHFJt2KNPaipza/BKLyARl I4wVa/sv83FihpQy8Th7lEVXfltKISUU2rSCd7YZNRaxZeuUKEwni3eJkwzE7oDX oyPVXd+uLoyh2GPO75qro9ZP3vd3hq5diyjZVP4loPhJNcEO88v+Xlw3mjEZgH0= =+vIX -----END PGP SIGNATURE-----
Current thread:
- Re: strings / libbfd crasher, (continued)
- Re: strings / libbfd crasher Dave Rutherford (Oct 23)
- Re: strings / libbfd crasher mancha (Oct 23)
- Re: strings / libbfd crasher mancha (Oct 24)
- Re: strings / libbfd crasher Hanno Böck (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Hanno Böck (Oct 24)
- Re: strings / libbfd crasher Michal Zalewski (Oct 24)
- Re: strings / libbfd crasher Tavis Ormandy (Oct 24)
- Re: strings / libbfd crasher mancha (Oct 24)
- Re: Re: strings / libbfd crasher Hanno Böck (Oct 26)
- Re: strings / libbfd crasher cve-assign (Oct 30)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 02)
- Re: Re: strings / libbfd crasher Hanno Böck (Nov 02)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 02)
- Re: Re: strings / libbfd crasher Jann Horn (Nov 02)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 04)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 04)
- Re: Re: strings / libbfd crasher Alexander Cherepanov (Nov 11)
- Re: Re: strings / libbfd crasher Michal Zalewski (Nov 11)