Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Nov 2014 02:46:57 -0500 (EST)
From: cve-assign@...re.org
To: cherepan@...me.ru
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: strings / libbfd crasher

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0
> https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
> 
> printf '!<arch>\n//%48d%8s`\n' -2 '' > test.a
> objdump -x test.a
> 
> ==14181== Invalid write of size 8
>
> archive.c (_bfd_slurp_extended_name_table): Handle archives with corrupt extended name tables.

Use CVE-2014-8738.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUZGDUAAoJEKllVAevmvmsXAQH/2QrS1TXDfKsTTi05CibQ/++
8O2JRClUGSHKFskId1JMHvogl2kTJ801tcbtU59R/DDlQ6ps3wQHnwvNDn+iPgoM
ovoX5poC3ZdUajI0frxe9Z5CY3I++57YSaCfic0NT9HaUYKXduj/aYBfv+ytESql
3iEifgn360acVgsUi1bx5kXiIQBQ58EWX/N4uHsATU6XPfQxXsXtfbJMif4punL5
Ck5FB2u2OymUg/qJruq4Tes6v0srlNDvM5Zn8Iy+gxGNUQ3wpVa3RHv/czxl7oHN
ArnFqna6Uu9EZx9cFFX4G9tSFuWMvOkMucoWG3dsvoaROCuMnPwjVb8PI+0/yxw=
=459F
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ