|Summary:||CAN-2005-1704 Integer overflow in gdb|
|Product:||Red Hat Enterprise Linux 4||Reporter:||Josh Bressers <bressers>|
|Component:||gdb||Assignee:||Elena Zannoni <ezannoni>|
|Status:||CLOSED ERRATA||QA Contact:||Jay Turner <jturner>|
|Version:||4.0||CC:||cagney, jakub, jjohnstn, srevivo|
|Fixed In Version:||RHSA-2005-709||Doc Type:||Bug Fix|
|Last Closed:||2005-10-05 12:41:41 UTC|
Description Josh Bressers 2005-05-24 20:00:42 UTC
Integer overflow in the BFD library for gdb before 6.3 allows attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. More information is available in the Gentoo bug: http://bugs.gentoo.org/show_bug.cgi?id=91398
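The bug class named in the description above, shown as an added example that is not part of the original report and is not BFD or gdb code: a section count taken from the file is multiplied by an entry size, the 32-bit product wraps, and the fix is to bound the count before allocating. The file layout, `ENT_SIZE` and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed layout (an assumption, not BFD's): a 4-byte little-endian
   section count, followed by count * ENT_SIZE bytes of section headers. */
#define ENT_SIZE 40u

static uint32_t rd32le(const unsigned char *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit product wraps, so a huge count yields a
   small allocation while later loops still iterate `count` times. */
uint32_t table_size_unchecked(uint32_t count) {
    return count * ENT_SIZE;
}

/* Checked form: 0 on success, -1 if the product would wrap or the table
   is larger than the data actually present after the count field. */
int table_size_checked(uint32_t count, size_t file_len, uint32_t *out) {
    if (file_len < 4 || count == 0) return -1;
    if (count > UINT32_MAX / ENT_SIZE) return -1;             /* would wrap */
    if ((uint64_t)count * ENT_SIZE > file_len - 4) return -1; /* no backing data */
    *out = count * ENT_SIZE;
    return 0;
}

/* Heap copy of the section table, or NULL when the header is rejected. */
unsigned char *load_section_table(const unsigned char *file, size_t file_len,
                                  uint32_t *count_out) {
    uint32_t bytes;
    if (file_len < 4) return NULL;
    uint32_t count = rd32le(file);
    if (table_size_checked(count, file_len, &bytes) != 0) return NULL;
    unsigned char *tbl = malloc(bytes);
    if (tbl == NULL) return NULL;
    memcpy(tbl, file + 4, bytes);
    *count_out = count;
    return tbl;
}

int main(void) {
    unsigned char crafted[28] = {0x67, 0x66, 0x66, 0x06}; /* constructed input */
    uint32_t n = 0;
    printf("unchecked size: %u\n", (unsigned)table_size_unchecked(rd32le(crafted)));
    printf("loader: %s\n", load_section_table(crafted, sizeof crafted, &n) ? "accepted" : "rejected");
    return 0;
}
```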
Comment 1 Josh Bressers 2005-05-24 20:02:27 UTC
This issue should also affect RHEL2.1 and RHEL3.
Comment 6 Josh Bressers 2005-06-08 17:36:05 UTC
ping on this issue
Comment 7 Jeff Johnston 2005-06-08 22:57:18 UTC
I have pieced together the correct fix for bfd and have modified the gdb patch discussed on the FSF list to add a query that allows the user to continue and defaults to no if the .gdbinit file is untrusted. I am currently building and testing the patch.
Comment 13 Josh Bressers 2005-06-10 21:14:07 UTC
Created attachment 115313: Demo exploit taken from the Gentoo BTS
Comment 14 Jakub Jelinek 2005-06-14 15:00:53 UTC
There are already separate bzs for binutils, so this one should be assigned to GDB crowd...
Comment 16 Jeff Johnston 2005-06-30 21:52:52 UTC
Moving to modified as rpm has been built for RHEL-4: gdb-18.104.22.168-0.31.5
Comment 18 Josh Bressers 2005-08-01 18:52:38 UTC
Jeff, Additionally, how do these packages fall regarding the quarterly updates? Are they included in the current QU packages, or shall we wait until after U2/U6 to release these?
Comment 19 Jeff Johnston 2005-08-02 17:27:55 UTC
This patch is considered between the last QU update and the upcoming one. It is a security patch that falls outside the normal QU timeframe. It also allows those who do not intend to update to the next gdb QU level to get the patch on its own.
Comment 20 Red Hat Bugzilla 2005-10-05 12:41:41 UTC
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-709.html