Date: Sun, 26 Oct 2014 18:05:01 -0400 (EDT) From: cve-assign@...re.org To: hanno@...eck.de Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: strings / libbfd crasher -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html First, here are the two current CVE assignments for libbfd in GNU binutils. More CVE assignments may occur later (in particular, see below about versados.c). Affected programs apparently include strings (on some but not all platforms) as well as objdump and nm. The readelf program is not affected. CVE-2014-8484 is for the incorrect decrements in cases of S-records that are too short. References are: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 http://openwall.com/lists/oss-security/2014/10/23/5 The available information at the moment is that this is fixed in binutils 2.25 (not yet available on the http://ftp.gnu.org/gnu/binutils/ site), whereas new discoveries in October 2014 might not all be fixed in 2.25. Regardless of the actual content of 2.25, CVE-2014-8484 will remain a separate CVE. http://openwall.com/lists/oss-security/2014/10/23/8 (i.e., the five-byte S100\n file) is not, by itself, an attack that crosses privilege boundaries in realistic circumstances, so this report is not currently part of any CVE. CVE-2014-8485 is for the current https://sourceware.org/bugzilla/show_bug.cgi?id=17510 content, i.e., incorrect "--n_elt / ++idx" code that makes the attachment 7846 and attachment 7848 attacks possible. The much earlier research by Tavis Ormandy is already covered by CVE-2005-1704. There is also CVE-2006-2362, which is an unrelated discovery. There is currently no CVE ID for the psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25, 2014 7:20 PM" comment about "another one related with PE file headers parsing." In general, a separate discovery that's potentially exploitable for code execution could have its own CVE ID. Does anyone want a CVE ID for that? Similarly, there are currently no CVE IDs for the https://sourceware.org/bugzilla/show_bug.cgi?id=16825 versados.c report. Does anyone want that report covered in CVE? Depending on exploitability, it would have approximately two CVE IDs. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUTW9VAAoJEKllVAevmvmswQ8IAIylWSMBjluWJVfD3DJtR8cf ij8mT0ODIzBlX/Nki29QcaRP20iUChqk+TMh7xHCFUe2p3gHm3dY+AilQSJk7hCh JYDC4yhKMe9bjA9YSnD8A9yUtDPww81wdOmdLHbKd31pN46pM3T6Bgu/IZv3zDbl UcEtBH7kYTK5SbZalDccMLTnkoT+SrGkvfOwoyyp2yoHFJt2KNPaipza/BKLyARl I4wVa/sv83FihpQy8Th7lEVXfltKISUU2rSCd7YZNRaxZeuUKEwni3eJkwzE7oDX oyPVXd+uLoyh2GPO75qro9ZP3vd3hq5diyjZVP4loPhJNcEO88v+Xlw3mjEZgH0= =+vIX -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.