Michal Zalewski reported an invalid read flaw in libbfd, used by, for example, the "strings" utility. Running "strings" on a malicious file could cause "strings" to crash: http://seclists.org/oss-sec/2014/q4/424 It is unclear yet if it is possible to leverage this issue for more than a crash. Dave Rutherford noted on oss-security that using certain web browsers to save a malicious file could trigger this issue and cause the browser to crash: http://seclists.org/oss-sec/2014/q4/426
I haven't looked deeply at this, but if the problem is truely in the srec code rather than higher up in the call chain, then I'd consider this pretty low priority. srecords aren't really used anymore and one could easily argue they should not be enabled by default anymore -- they're strictly for ancient (think 1970s/1980s) embedded systems. I wouldn't be terribly surprised if fuzzers found bugs in other ancient bfd targets either.
One more note, upstream already has a patch ready that fixes this problem and it's already been pushed into Rawhide as well.
Hi Guys, The patch was not in Rawhide, but it is in upstream FSF sources. I have backported the patch and it is now available in: binutils-2.24-24.fc22 binutils-2.24-23.fc21 binutils-2.23.88.0.1-19.fc20 Cheers Nick
(In reply to Nick Clifton from comment #4) > Hi Guys, > > The patch was not in Rawhide, but it is in upstream FSF sources. I have > backported the patch and it is now available in: > > binutils-2.24-24.fc22 > binutils-2.24-23.fc21 > binutils-2.23.88.0.1-19.fc20 > > Cheers > Nick Thanks!
MITRE assigned CVE-2014-8484 to this issue (upstream https://sourceware.org/bugzilla/show_bug.cgi?id=17509): http://www.openwall.com/lists/oss-security/2014/10/26/2
FWIW, the controlled write in the ELF code that was reported over the weekend seems far more serious to me than issues in the srec code.
(In reply to Jeff Law from comment #7) > FWIW, the controlled write in the ELF code that was reported over the > weekend seems far more serious to me than issues in the srec code. Agree, that one was assigned CVE-2014-8485: https://bugzilla.redhat.com/show_bug.cgi?id=1157276
I have just added a second patch to the binutils RPM for this BZ. This patch addresses a second seg-fault that can be triggered by corrupt ELF binaries, an example of which was attached to the upstream PR 17512: https://sourceware.org/bugzilla/show_bug.cgi?id=17512. This patch is in: binutils-2.24-26.fc22 binutils-2.24-25.fc21 binutils-2.23.88.0.1-21.fc20 Also the patches are now in the FSF master and 2.25 binutils branches, so the fixes should propagate to the rest of the Linux world fairly soon.
Statement: Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Upstream bugreport: https://sourceware.org/bugzilla/show_bug.cgi?id=17509 Upstream patch for this: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html