Bug 1162666 (CVE-2014-8738) - CVE-2014-8738 binutils: out of bounds memory write
Summary: CVE-2014-8738 binutils: out of bounds memory write
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-8738
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1162669 1162670 1162671 1162672 1162673 1162674 1162675 1162676 1162678 1168281 1168302 1172710
Blocks: 1156276 1210268
TreeView+ depends on / blocked
 
Reported: 2014-11-11 12:52 UTC by Vasyl Kaigorodov
Modified: 2021-02-17 06:02 UTC (History)
24 users (show)

Fixed In Version: binutils-2.23.52.0.1-55.el7
Doc Type: Bug Fix
Doc Text:
A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.
Clone Of:
Environment:
Last Closed: 2019-06-08 02:35:59 UTC
Embargoed:


Attachments (Terms of Use)
Imported for for PR 17533 (6.11 KB, patch)
2014-11-13 12:00 UTC, Nick Clifton
no flags Details | Diff


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2015:2079 0 normal SHIPPED_LIVE Moderate: binutils security, bug fix, and enhancement update 2015-11-19 07:41:11 UTC

Description Vasyl Kaigorodov 2014-11-11 12:52:56 UTC
It was reported [1] that objdump will try to overwrite part of memory when processing a crafted "ar" archive file.
Upstream patch for this is at [2].
Reproducer is available in https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0

[1]: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
[2]: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f

Comment 1 Vasyl Kaigorodov 2014-11-11 12:55:55 UTC
Created mingw-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162673]
Affects: epel-all [bug 1162678]

Comment 2 Vasyl Kaigorodov 2014-11-11 12:56:00 UTC
Created avr-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162670]
Affects: epel-all [bug 1162675]

Comment 3 Vasyl Kaigorodov 2014-11-11 12:56:03 UTC
Created arm-none-eabi-binutils-cs tracking bugs for this issue:

Affects: fedora-all [bug 1162669]

Comment 4 Vasyl Kaigorodov 2014-11-11 12:56:06 UTC
Created msp430-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162674]

Comment 5 Vasyl Kaigorodov 2014-11-11 12:56:09 UTC
Created cross-binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162672]
Affects: epel-all [bug 1162676]

Comment 6 Vasyl Kaigorodov 2014-11-11 12:56:12 UTC
Created binutils tracking bugs for this issue:

Affects: fedora-all [bug 1162671]

Comment 7 Nick Clifton 2014-11-13 12:00:27 UTC
Created attachment 957153 [details]
Imported for for PR 17533

Comment 8 Nick Clifton 2014-11-13 12:02:49 UTC
Fixed in: binutils-2.24-29.fc22

I have applied a patch (uploaded to this BZ) to the rawhide binutils.  It is derived from the patches created for PR 17533, adapted to work with the rawhide sources.

Ideally the patch will soon be redundant, as rawhide should be switching over to the 2.25 binutils release, once that actually happens.  2.25 already contains this patch.

Comment 9 Vasyl Kaigorodov 2014-11-26 15:11:57 UTC
Statement:

Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.

Comment 11 Fedora Update System 2014-12-06 02:37:24 UTC
arm-none-eabi-binutils-cs-2014.05.28-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2014-12-06 02:40:52 UTC
avr-binutils-2.24-3.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2014-12-06 10:04:44 UTC
avr-binutils-2.24-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 14 Fedora Update System 2014-12-06 10:09:29 UTC
arm-none-eabi-binutils-cs-2014.05.28-3.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Fedora Update System 2014-12-07 04:38:09 UTC
avr-binutils-2.24-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 16 Fedora Update System 2014-12-07 04:39:50 UTC
arm-none-eabi-binutils-cs-2014.05.28-3.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 18 Fedora Update System 2015-01-21 23:07:06 UTC
binutils-2.24-30.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 19 Vasyl Kaigorodov 2015-05-13 10:04:23 UTC
Reproducer is available in https://sourceware.org/bugzilla/show_bug.cgi?id=17533#c0

Comment 21 Fedora Update System 2015-10-02 22:25:27 UTC
cross-binutils-2.23.88.0.1-2.el7.1 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.

Comment 22 Fedora Update System 2015-10-02 23:23:51 UTC
cross-binutils-2.23.51.0.3-1.el6.1 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Nick Clifton 2015-10-13 14:59:28 UTC
I have checked in an updated patch for this issue.  The previous version of the patch was missing a delta, which effectively made it useless.  The new version is available in: binutils-2.23.52.0.1-55.el7

Comment 24 Nick Clifton 2015-10-13 15:07:47 UTC
oops - I should not have changed this BZ, sorry...

Comment 25 errata-xmlrpc 2015-11-19 03:33:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2015:2079 https://rhn.redhat.com/errata/RHSA-2015-2079.html


Note You need to log in before you can comment on or make changes to this bug.