Date: Sun, 26 Oct 2014 18:05:01 -0400 (EDT)
Subject: Re: strings / libbfd crasher


First, here are the two current CVE assignments for libbfd in GNU
binutils. More CVE assignments may occur later (in particular, see
below about versados.c). Affected programs apparently include strings
(on some but not all platforms) as well as objdump and nm. The readelf
program is not affected.

CVE-2014-8484 is for the incorrect decrements in cases of S-records
that are too short. References are:
The available information at the moment is that this is fixed in
binutils 2.25 (not yet available on the site), whereas new discoveries in
October 2014 might not all be fixed in 2.25. Regardless of the actual
content of 2.25, CVE-2014-8484 will remain a separate CVE. (i.e., the
five-byte S100\n file) is not, by itself, an attack that crosses
privilege boundaries in realistic circumstances, so this report is not
currently part of any CVE.

CVE-2014-8485 is for the current content, i.e.,
incorrect "--n_elt / ++idx" code that makes the attachment 7846 and
attachment 7848 attacks possible.

The much earlier research by Tavis Ormandy is already covered by
CVE-2005-1704. There is also CVE-2006-2362, which is an unrelated

There is currently no CVE ID for the
psa-dont-run-strings-on-untrusted-files.html "0xdeadbabe October 25,
2014 7:20 PM" comment about "another one related with PE file headers
parsing." In general, a separate discovery that's potentially
exploitable for code execution could have its own CVE ID. Does anyone
want a CVE ID for that?

Similarly, there are currently no CVE IDs for the versados.c
report. Does anyone want that report covered in CVE? Depending on
exploitability, it would have approximately two CVE IDs.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through ]