Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 158680 - CAN-2005-1704 Integer overflow in gdb
Summary: CAN-2005-1704 Integer overflow in gdb
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gdb
Version: 4.0
Hardware: All
OS: Linux
medium
low
Target Milestone: ---
: ---
Assignee: Elena Zannoni
QA Contact: Jay Turner
URL:
Whiteboard: impact=low,public=20050525,reported=2...
Depends On:
Blocks: 156322
TreeView+ depends on / blocked
 
Reported: 2005-05-24 20:00 UTC by Josh Bressers
Modified: 2015-01-08 00:10 UTC (History)
4 users (show)

Fixed In Version: RHSA-2005-709
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-10-05 12:41:41 UTC


Attachments (Terms of Use)
Demo exploit taken from the gentoo BTS (deleted)
2005-06-10 21:14 UTC, Josh Bressers
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:709 qe-ready SHIPPED_LIVE Low: gdb security update 2005-10-05 04:00:00 UTC

Description Josh Bressers 2005-05-24 20:00:42 UTC
Integer overflow in the BFD library for gdb before 6.3 allows
attackers to execute arbitrary code via a crafted object file that
specifies a large number of section headers, leading to a heap-based
buffer overflow.


More information is available in the gentoo bug:
http://bugs.gentoo.org/show_bug.cgi?id=91398

Comment 1 Josh Bressers 2005-05-24 20:02:27 UTC
This issue should also affect RHEL2.1 and RHEL3

Comment 6 Josh Bressers 2005-06-08 17:36:05 UTC
ping on this issue

Comment 7 Jeff Johnston 2005-06-08 22:57:18 UTC
I have pieced together the correct fix for bfd and have modified the gdb patch
discussed on the FSF list to add a query that allows the user to continue and
defaults to no if the .gdbinit file is untrusted.  I am currently building and
testing the patch.

Comment 13 Josh Bressers 2005-06-10 21:14:07 UTC
Created attachment 115313 [details]
Demo exploit taken from the gentoo BTS

Comment 14 Jakub Jelinek 2005-06-14 15:00:53 UTC
There are already separate bzs for binutils, so this one should be assigned
to GDB crowd...

Comment 16 Jeff Johnston 2005-06-30 21:52:52 UTC
Moving to modified as rpm has been built for RHEL-4: gdb-6.3.0.0-0.31.5

Comment 18 Josh Bressers 2005-08-01 18:52:38 UTC
Jeff,

Additionally, how do these packages fall regarding the quarterly updates?  Are
they included in the current QU packages, or shall we wait until after U2/U6 to
release these?

Comment 19 Jeff Johnston 2005-08-02 17:27:55 UTC
This patch is considered between the last QU update and the upcoming one.  It is
a security patch that falls outside the normal QU timeframe.  It also allows
those who do not intend to update to the next gdb QU level to get the patch on
its own.

Comment 20 Red Hat Bugzilla 2005-10-05 12:41:41 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-709.html



Note You need to log in before you can comment on or make changes to this bug.