GNU Binutils Assembler as_bad() Function Local Overflow

2006-08-17T08:18:58
ID OSVDB:27960
Type osvdb
Reporter Tavis Ormandy(taviso@google.com)
Modified 2006-08-17T08:18:58

Description

Vulnerability Description

A vulnerability which affects the as_bad() function of the GNU Binutils Assembler can be exploited by tricking a user into assembling a specially crafted source file. Successful exploitation can execute arbitrary code under the context of the logged on user.

Solution Description

Upgrade to version 2.17 or higher, as it has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.

Short Description

A vulnerability which affects the as_bad() function of the GNU Binutils Assembler can be exploited by tricking a user into assembling a specially crafted source file. Successful exploitation can execute arbitrary code under the context of the logged on user.

References:

Vendor URL: http://www.gnu.org/software/binutils/ Vendor Specific News/Changelog Entry: http://bugs.gentoo.org/show_bug.cgi?id=99464 Vendor Specific Advisory URL Secunia Advisory ID:21508 Secunia Advisory ID:21530 Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/gas_poc.sh FrSIRT Advisory: ADV-2006-3307 CVE-2005-4807 Bugtraq ID: 19555