binutils: buffer overflow

Package(s): binutils
CVE #(s): CVE-2005-4807
Created: August 17, 2006
Updated: October 19, 2006
Description: The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user.
Alerts:
Ubuntu USN-336-1 2006-08-16
Ubuntu USN-366-1 2006-10-18

binutils: buffer overflow

Posted Aug 24, 2006 18:15 UTC (Thu) by ernest (subscriber, #2355)

This is ridiculous. If a user can be tricked into compiling a specially crafted program, you do not need a buffer overflow to create a program that can do bad things. For god's sake! Please re-read what you have just written!

binutils: buffer overflow

Posted Aug 25, 2006 16:04 UTC (Fri) by nix (subscriber, #2304)

I thought this once, but it's wrong. Consider programs that assemble code to be run on another machine, especially things like cross-assemblers. You don't expect to have to nail down a system that merely *compiles* untrusted code (assuming the build system is trusted).

Has a CVE now

Posted Sep 2, 2006 16:40 UTC (Sat) by kreutzm (subscriber, #4700)

This bug is CVE 2005-5807. Please add this to your database.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.