Bug 1156272 (CVE-2014-8484) - CVE-2014-8484 binutils: invalid read flaw in libbfd
Summary: CVE-2014-8484 binutils: invalid read flaw in libbfd
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-8484
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141020,repor...
Depends On: 1168281 1168302 1172710
Blocks: 1156276 1210268
TreeView+ depends on / blocked
 
Reported: 2014-10-24 03:59 UTC by Murray McAllister
Modified: 2019-06-11 11:13 UTC (History)
14 users (show)

Fixed In Version: binutils 2.25
Doc Type: Bug Fix
Doc Text:
An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:35:24 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2079 normal SHIPPED_LIVE Moderate: binutils security, bug fix, and enhancement update 2015-11-19 07:41:11 UTC

Description Murray McAllister 2014-10-24 03:59:20 UTC
Michal Zalewski reported an invalid read flaw in libbfd, used by, for example, the "strings" utility. Running "strings" on a malicious file could cause "strings" to crash:

http://seclists.org/oss-sec/2014/q4/424

It is unclear yet if it is possible to leverage this issue for more than a crash.

Dave Rutherford noted on oss-security that using certain web browsers to save a malicious file could trigger this issue and cause the browser to crash:

http://seclists.org/oss-sec/2014/q4/426

Comment 2 Jeff Law 2014-10-24 15:07:56 UTC
I haven't looked deeply at this, but if the problem is truely in the srec code rather than higher up in the call chain, then I'd consider this pretty low priority.  srecords aren't really used anymore and one could easily argue they should not be enabled by default anymore -- they're strictly for ancient (think 1970s/1980s) embedded systems.

I wouldn't be terribly surprised if fuzzers found bugs in other ancient bfd targets either.

Comment 3 Jeff Law 2014-10-24 15:14:21 UTC
One more note, upstream already has a patch ready that fixes this problem and it's already been pushed into Rawhide as well.

Comment 4 Nick Clifton 2014-10-24 15:32:21 UTC
Hi Guys,

  The patch was not in Rawhide, but it is in upstream FSF sources.  I have backported the patch and it is now available in:

 binutils-2.24-24.fc22
 binutils-2.24-23.fc21
 binutils-2.23.88.0.1-19.fc20

Cheers
  Nick

Comment 5 Murray McAllister 2014-10-27 02:56:44 UTC
(In reply to Nick Clifton from comment #4)
> Hi Guys,
> 
>   The patch was not in Rawhide, but it is in upstream FSF sources.  I have
> backported the patch and it is now available in:
> 
>  binutils-2.24-24.fc22
>  binutils-2.24-23.fc21
>  binutils-2.23.88.0.1-19.fc20
> 
> Cheers
>   Nick

Thanks!

Comment 6 Murray McAllister 2014-10-27 02:57:29 UTC
MITRE assigned CVE-2014-8484 to this issue (upstream https://sourceware.org/bugzilla/show_bug.cgi?id=17509):

http://www.openwall.com/lists/oss-security/2014/10/26/2

Comment 7 Jeff Law 2014-10-27 16:24:26 UTC
FWIW, the controlled write in the ELF code that was reported over the weekend seems far more serious to me than issues in the srec code.

Comment 8 Murray McAllister 2014-10-28 03:08:15 UTC
(In reply to Jeff Law from comment #7)
> FWIW, the controlled write in the ELF code that was reported over the
> weekend seems far more serious to me than issues in the srec code.

Agree, that one was assigned CVE-2014-8485:

https://bugzilla.redhat.com/show_bug.cgi?id=1157276

Comment 9 Nick Clifton 2014-10-28 11:28:06 UTC
I have just added a second patch to the binutils RPM for this BZ.  This patch addresses a second seg-fault that can be triggered by corrupt ELF binaries, an example of which was attached to the upstream PR 17512: https://sourceware.org/bugzilla/show_bug.cgi?id=17512.

This patch is in:

 binutils-2.24-26.fc22
 binutils-2.24-25.fc21
 binutils-2.23.88.0.1-21.fc20

Also the patches are now in the FSF master and 2.25 binutils branches, so the fixes should propagate to the rest of the Linux world fairly soon.

Comment 10 Vasyl Kaigorodov 2014-11-26 14:21:47 UTC
Statement:

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 16 errata-xmlrpc 2015-11-19 03:32:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html


Note You need to log in before you can comment on or make changes to this bug.