oss-sec mailing list archives
Re: cve request: libbfd?
From: Alexander Cherepanov <cherepan () mccme ru>
Date: Fri, 21 Nov 2014 17:37:40 +0300
On 21.11.2014 16:15, Vasyl Kaigorodov wrote:
> Has anyone from MITRE had a chance to look into it yet?
They were assigned in other threads, see below.
On Tue, 11 Nov 2014, Vasyl Kaigorodov wrote:
> Directory traversal vulnerability allowing random files deletion/creation
> Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
> Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
There were two variants of this vulnerability -- file creation with ar and file deletion with strip/objcopy. Both are fixed with the commit you linked to above.
MITRE assigned CVE-2014-8737 to it here: http://www.openwall.com/lists/oss-security/2014/11/13/1
> Out-of-bounds memory write while processing a crafted "ar" archive
> Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
> Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
MITRE assigned CVE-2014-8738 to it here: http://www.openwall.com/lists/oss-security/2014/11/13/2
--
Alexander Cherepanov