LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

binutils: buffer overflow

Package(s):binutils CVE #(s):CVE-2005-4807
Created:August 17, 2006 Updated:October 19, 2006
Description: The GNU assembler (gas) in binutils is vulnerable to a buffer overflow. If a user can be tricked into assembling a specially crafted file with gcc or gas, arbitrary code can be executed with the privileges of the user.
Alerts:
Ubuntu USN-366-1 2006-10-18
Ubuntu USN-336-1 2006-08-16
(Log in to post comments)

binutils: buffer overflow

Posted Aug 24, 2006 18:15 UTC (Thu) by ernest (subscriber, #2355) [Link]

this is ridiculous. if a user can tricked to compile a specialy crafted program you do not need a buffer overflow to create a program that can do bad things. For god's sack! please re-read what you have just written!

binutils: buffer overflow

Posted Aug 25, 2006 16:04 UTC (Fri) by nix (subscriber, #2304) [Link]

I thought this once, but it's wrong. Consider programs that assemble code to be run on another machine, especially things like cross-assemblers. You don't expect to have to nail down a system that merely *compiles* untrusted code (assuming the build system is trusted).

Has a CVE now

Posted Sep 2, 2006 16:40 UTC (Sat) by kreutzm (guest, #4700) [Link]

This bug is CVE 2005-5807. Please add this to your database.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds