Date: Sat, 03 Jan 2015 22:50:26 +0300 From: Alexander Cherepanov <cherepan@...me.ru> To: oss-security@...ts.openwall.com CC: cve-assign@...re.org Subject: Re: CVE request: file(1) DoS On 2014-12-17 03:44, Alexander Cherepanov wrote: > There are two more DoSes fixed in ELF parser of file(1), similar to the > recent CVE-2014-8116. These fixes were included in 5.22 release: http://mx.gw.com/pipermail/file/2015/001660.html > 1. Limit the number of ELF notes processed > Report: http://mx.gw.com/pipermail/file/2014/001653.html > Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4 This issue seems to be introduced here: https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423 which ended up in 5.08 release. Hence releases 5.08--5.21 are vulnerable. > 2. Limit string printing to 100 chars > Report: http://mx.gw.com/pipermail/file/2014/001654.html > Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c This issue was introduced in the following commit: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 which ended up in 5.16 release. Hence releases 5.16--5.21 are vulnerable. > Both problems amplified by the fact that the same section in ELF file > can be referenced and processed by file(1) multiple times. This is also > fixed in the first commit linked above. > > Could CVE(s) please be assigned? -- Alexander Cherepanov
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ