Bug 1071544 (CVE-2017-17121)

Summary: VUL-1: CVE-2017-17121: binutils: Binary File Descriptor (BFD) library (aka libbfd) allows remote attackers to cause a denial of service
Product: [Novell Products] SUSE Security Incidents
Reporter: Alexander Bergmann <abergmann>
Component: Incidents
Assignee: Michael Matz <matz>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: abergmann, rfrohl, smash_bz, yingjun.ni
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/196101/
Whiteboard: CVSSv2:SUSE:CVE-2017-17121:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv3.1:SUSE:CVE-2017-17121:4.0:(AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) maint:planned:update
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: QA Reproducer

Description Alexander Bergmann 2017-12-06 14:27:30 UTC
CVE-2017-17121

The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU
Binutils 2.29.1, allows remote attackers to cause a denial of service (memory
access violation) or possibly have unspecified other impact via a COFF binary in
which a relocation refers to a location after the end of the to-be-relocated
section.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-17121
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-17121.html
http://www.cvedetails.com/cve/CVE-2017-17121/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17121
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b
https://sourceware.org/bugzilla/show_bug.cgi?id=22506
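
The kind of range check that rejects a relocation pointing past the end of its section, as an added example (this is not libbfd code and not the upstream fix). The `section` and `reloc` structs, all function names, and the 8-byte section are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical minimal types for illustration; these are not libbfd's. */
struct section { uint8_t *data; size_t size; };
struct reloc   { uint64_t offset; size_t width; uint32_t addend; };

/* True only if [offset, offset + width) lies inside the section.
   Comparing against size - width avoids the wrap-around that
   "offset + width <= size" suffers when offset is near UINT64_MAX. */
static bool reloc_in_range(const struct section *s, const struct reloc *r)
{
    if (r->width == 0 || r->width > s->size)
        return false;
    return r->offset <= s->size - r->width;
}

/* Apply a 32-bit additive relocation. Returns 0 on success, -1 if the
   relocation is rejected; the section is untouched in that case. */
int apply_reloc32(struct section *s, const struct reloc *r)
{
    uint32_t v;
    if (r->width != sizeof v || !reloc_in_range(s, r))
        return -1;
    memcpy(&v, s->data + r->offset, sizeof v);
    v += r->addend;
    memcpy(s->data + r->offset, &v, sizeof v);
    return 0;
}

/* Constructed input: an 8-byte zeroed section and one relocation. */
int try_reloc(uint64_t offset, size_t width)
{
    uint8_t buf[8] = {0};
    struct section s = { buf, sizeof buf };
    struct reloc r = { offset, width, 0x10 };
    return apply_reloc32(&s, &r);
}

int main(void)
{
    printf("inside=%d straddle=%d past_end=%d wrap=%d\n",
           try_reloc(4, 4), try_reloc(6, 4), try_reloc(8, 4),
           try_reloc(UINT64_MAX - 1, 4));
    return 0;
}
```
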
Comment 1 Alexander Bergmann 2017-12-06 14:28:59 UTC
Created attachment 751732
QA Reproducer

SLE12> objdump -W  perform_reloc 

perform_reloc:     file format pei-i386

Contents of the  section:

00000000 ZERO terminator


objdump: perform_reloc: warning: illegal symbol index 131072 in relocs
objdump: perform_reloc: warning: illegal symbol index 0 in relocs
Segmentation fault (core dumped)
Comment 5 ni yingjun 2020-11-17 07:39:45 UTC
Hi Support,
I have a customer who is focused on this CVE-2019-9075.
I don't see any information about this CVE for SLES12SP5 on https://www.suse.com/security/cve/.
Is SLES12 SP5 affected by this CVE? Is there a plan to merge it into SLES12sp5?

Thanks.
Comment 6 ni yingjun 2020-11-17 07:42:03 UTC
(In reply to Yingjun Ni from comment #5)
> Hi Support,
> I have a customer who is focused on this CVE-2019-9075.
> I don't see any information about this CVE for SLES12SP5 on
> https://www.suse.com/security/cve/.
> Is SLES12 SP5 affected by this CVE? Is there a plan to merge it into SLES12sp5?
> 
> Thanks.

Sorry for the mistype; the customer is asking about CVE-2017-17121.
Comment 7 Michael Matz 2020-11-18 13:38:22 UTC
binutils 2.32 (contained in SLE12-SP5 currently) has this problem fixed.
It was forgotten to be mentioned in the changes file :-(
Comment 8 ni yingjun 2020-11-18 13:59:53 UTC
(In reply to Michael Matz from comment #7)
> binutils 2.32 (contained in SLE12-SP5 currently) has this problem fixed.
> It was forgotten to be mentioned in the changes file :-(

OK, I appreciate your reply.
Comment 9 Robert Frohl 2022-05-09 09:20:41 UTC
done