628538 – (CVE-2017-12967) <sys-devel/binutils-2.29.1 : stack overflow in getsym (CVE-2017-12967)

Bug 628538 (CVE-2017-12967) - <sys-devel/binutils-2.29.1 : stack overflow in getsym (CVE-2017-12967)

Summary: <sys-devel/binutils-2.29.1 : stack overflow in getsym (CVE-2017-12967)

Status:	RESOLVED FIXED

Alias:	CVE-2017-12967

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://sourceware.org/bugzilla/show_...
Whiteboard:	A3 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-08-21 18:08 UTC by D'juan McDonald (domhnall)
Modified:	2018-01-07 23:11 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2017-08-21 18:08:06 UTC

Upstream Bug:

https://sourceware.org/bugzilla/show_bug.cgi?id=21962


Upstream Patch:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ebe412a7186f1acbc5753d3236f3cab4999f7b90

Comment 1 D'juan McDonald (domhnall) 2017-08-21 18:17:55 UTC

The getsym function in tekhex.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a malformed tekhex binary.

CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12967

Comment 2 D'juan McDonald (domhnall) 2017-08-22 08:35:12 UTC

Comment 4  cvs-commit@gcc.gnu.org      2017-08-18 07:47:42 UTC  
The master branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=de25939739ffe9a9ad7cec07a35bb2a1e430fe39

commit de25939739ffe9a9ad7cec07a35bb2a1e430fe39
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Aug 18 08:45:12 2017 +0100

    Fix buffer overrun parsing a corrupt tekhex binary.
    
        PR binutils/21962
        * tekhex.c (getsym): Fix check for source pointer walking off the
        end of the input buffer.
Comment 5  cvs-commit@gcc.gnu.org      2017-08-18 07:50:27 UTC  
The binutils-2_29-branch branch has been updated by Nick Clifton <nickc@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ebe412a7186f1acbc5753d3236f3cab4999f7b90

commit ebe412a7186f1acbc5753d3236f3cab4999f7b90
Author: Nick Clifton <nickc@redhat.com>
Date:   Fri Aug 18 08:47:16 2017 +0100

    Fix buffer overrun when parsing a corrupt tekhex binary.
    
        PR binutils/21962
        * tekhex.c (getsym): Fix check for source pointer walking off the
        end of the input buffer.


@Security, can we handle this? toolchain is already loaded. 

I have a local repo of gentoo, fyi.

Comment 3 D'juan McDonald (domhnall) 2017-08-22 08:57:23 UTC

@maintainer(s),please test, then follow procedure to close this report.Thank You

Daj'Uan (mbailey_j)
Gentoo Security Scout

Comment 4 Andreas K. Hüttel archtester

2017-12-27 22:50:34 UTC

All affected versions are masked. No further cleanup (toolchain package). 

Nothing to do for toolchain here anymore. Please proceed.

Comment 5 D'juan McDonald (domhnall) 2018-01-05 06:44:44 UTC

Added to existing GLSA request.


Gentoo Security Padawan
(Jmbailey/mbailey_j)

Comment 6 GLSAMaker/CVETool Bot gentoo-dev

2018-01-07 23:11:20 UTC

This issue was resolved and addressed in
 GLSA 201801-01 at https://security.gentoo.org/glsa/201801-01
by GLSA coordinator Aaron Bauman (b-man).