Bug 1071544 (CVE-2017-17121)

Summary:	VUL-1: CVE-2017-17121: binutils: Binary File Descriptor (BFD) library (aka libbfd) allows remote attackers to cause a denial of service
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Alexander Bergmann <abergmann>
Component:	Incidents	Assignee:	Michael Matz <matz>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	abergmann, rfrohl, smash_bz, yingjun.ni
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/196101/
Whiteboard:	CVSSv2:SUSE:CVE-2017-17121:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3.1:SUSE:CVE-2017-17121:4.0:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) maint:planned:update
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	QA Reproducer

Description Alexander Bergmann 2017-12-06 14:27:30 UTC

CVE-2017-17121

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Binutils 2.29.1, allows remote attackers to cause a denial of service (memory
access violation) or possibly have unspecified other impact via a COFF binary in
which a relocation refers to a location after the end of the to-be-relocated
section.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17121
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17121.html
http://www.cvedetails.com/cve/CVE-2017-17121/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b
https://sourceware.org/bugzilla/show_bug.cgi?id=22506

Comment 1 Alexander Bergmann 2017-12-06 14:28:59 UTC

Created attachment 751732 [details]
QA Reproducer

SLE12> objdump -W  perform_reloc 

perform_reloc:     file format pei-i386

Contents of the  section:

00000000 ZERO terminator


objdump: perform_reloc: warning: illegal symbol index 131072 in relocs
objdump: perform_reloc: warning: illegal symbol index 0 in relocs
Segmentation fault (core dumped)

Comment 2 Alexander Bergmann 2017-12-06 14:33:49 UTC

Upstream fix:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b

Comment 5 ni yingjun 2020-11-17 07:39:45 UTC

Hi Support,
I have a customer who are focus on this CVE-2019-9075.
I don't see any information about this CVE of SLES12SP5 on https://www.suse.com/security/cve/.
Is SLES12 SP5 affected by this CVE? Is it a plan to merge it into SLES12sp5?

Thanks.

Comment 6 ni yingjun 2020-11-17 07:42:03 UTC

(In reply to Yingjun Ni from comment #5)
> Hi Support,
> I have a customer who are focus on this CVE-2019-9075.
> I don't see any information about this CVE of SLES12SP5 on
> https://www.suse.com/security/cve/.
> Is SLES12 SP5 affected by this CVE? Is it a plan to merge it into SLES12sp5?
> 
> Thanks.

sorry for the mistype, the customer is asking about CVE-2017-17121.

Comment 7 Michael Matz 2020-11-18 13:38:22 UTC

binutils 2.32 (contained in SLE12-SP5 currently) has this problem fixed.
It was forgotten to be mentioned in the changes file :-(

Comment 8 ni yingjun 2020-11-18 13:59:53 UTC

(In reply to Michael Matz from comment #7)
> binutils 2.32 (contained in SLE12-SP5 currently) has this problem fixed.
> It was forgotten to be mentioned in the changes file :-(

ok, appreciated for your reply.

Comment 9 Robert Frohl 2022-05-09 09:20:41 UTC

done