Bug 1250129 (CVE-2014-9939)

Summary: CVE-2014-9939 binutils: buffer overflow in ihex.c
Product: [Other] Security Response
Reporter: Adam Mariš <amaris>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: low
Priority: low
Version: unspecified
CC: barracks510, carnil, dan, dhowells, erik-fedora, fedora-mingw, giallu, jakub, kanderso, klember, ktietz, law, lkocman, lkundrak, mfranc, mhlavink, nickc, nobody+bgollahe, ohudlick, opensource, rjones, rob, swhiteho, thibault.north, tmlcoch, trond.danielsen, yselkowi
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-08-05 14:46:02 UTC
Bug Depends On: 1250141
Bug Blocks: 1250146
Attachments: Upstream patch (flags: none); Reproducer (flags: none)

Description Adam Mariš 2015-08-04 15:01:01 UTC
A buffer overflow vulnerability was found in ihex.c in binutils 2.6 and lower.

Waiting for CVE assignment:
http://seclists.org/oss-sec/2015/q3/265

Comment 1 Adam Mariš 2015-08-04 15:07:18 UTC
Created attachment 1059121
Upstream patch

Comment 2 Adam Mariš 2015-08-04 15:10:44 UTC
Created attachment 1059123
Reproducer

Comment 3 Adam Mariš 2015-08-04 15:12:42 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1250141]

Comment 4 Nick Clifton 2015-08-04 16:45:24 UTC
This bug is now fixed in: binutils-2.25.1-3.fc24

I am not sure if the problem is important enough to warrant backporting the patch to earlier versions of Fedora, however.

Comment 5 Jeff Law 2015-08-04 16:46:58 UTC
I wouldn't think that ihex would be important enough to warrant backporting to earlier versions of Fedora.

Comment 6 Stefan Cornelius 2015-08-05 13:53:17 UTC
For RHEL5/6/7/Fedora, the stack-based buffer overflow is detected and mitigated by fortify source. Thus, the worst outcome should be a mere crash/application abort. It should not be possible to exploit this flaw to gain code execution.

Statement:

This issue affects the versions of binutils as shipped with Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Comment 9 Yaakov Selkowitz 2015-08-26 02:05:39 UTC
fedora-all/arm-none-eabi-binutils-cs=affected appears to be missing from the Whiteboard.  This has been fixed in cross-binutils but not yet in the other *-binutils packages.
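
Added example (not part of the bug thread and not binutils code): a small C model of the fortify-source behaviour described in Comment 6, where a formatted write that does not fit its stack buffer is stopped instead of overflowing it. The helper names, the 10-byte buffer, the format string and the inputs are constructed for illustration, and the model returns -1 at the point where a fortified glibc build would abort the process.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>

/* Model of the check a fortified sprintf() applies. With _FORTIFY_SOURCE the
 * compiler passes the destination size it knows at compile time; glibc aborts
 * the process when the output does not fit. This model returns -1 at that
 * point instead of aborting, so the outcome can be inspected. */
static int checked_sprintf(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap, probe;
    int need;

    va_start(ap, fmt);
    va_copy(probe, ap);
    need = vsnprintf(NULL, 0, fmt, probe);   /* length without the NUL */
    va_end(probe);

    if (need < 0 || (size_t)need + 1 > dst_size) {
        va_end(ap);
        return -1;                           /* fortified build: abort() */
    }
    vsnprintf(dst, dst_size, fmt, ap);       /* fits, so nothing is truncated */
    va_end(ap);
    return need;
}

/* Constructed case: a character value printed as an octal escape into a
 * 10-byte stack buffer. Assumes a 32-bit unsigned int. */
static int format_escape(int c)
{
    char buf[10];
    return checked_sprintf(buf, sizeof buf, "\\%03o", (unsigned int)c);
}

int main(void)
{
    printf("0x41        -> %d\n", format_escape(0x41));        /* fits */
    printf("-128        -> %d\n", format_escape(-128));        /* too long */
    printf("-128 & 0xff -> %d\n", format_escape(-128 & 0xff)); /* fits */
    return 0;
}
```

The negative input sign-extends to an 11-digit octal number, which is why it is rejected; the same value masked to one byte fits in four characters.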