vulnerabilities in libbfd (CVE-2014-beats-me)
Nicholas Clifton
nickc@redhat.com
Thu Oct 30 11:01:00 GMT 2014
Hi Maciej, Hi Michal,

>> $ wget http://lcamtuf.coredump.cx/strings-bfd-badptr2

FYI, this test case has now been fixed.

>> In any case: the bottom line is that if you are used to running
>> strings on random files, or depend on any libbfd-based tools for
>> forensic purposes, you should probably change your habits. For strings
>> specifically, invoking it with the -a parameter seems to inhibit the
>> use of libbfd. Distro vendors may want to consider making the -a mode
>> default, too.

There are also alternatives to the GNU Binutils strings program.
eu-strings for example, or even "od -S 4".

It is true however that there are still vulnerabilities in libbfd, and
I for one would be happy to see new bug reports exposing them. I can assure
you that any such bug report reaching me will be treated seriously, and
will be investigated and fixed as soon as possible.

Cheers
  Nick
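The thread's advice is to extract strings from untrusted files without parsing them as object files. A whole-file scan of that kind, as an added example that is not part of the original message and is not Binutils code: the names `scan_strings`, `PRINTABLE` and `SAMPLE`, and the choice of printable set, are assumptions of this example.

```python
import io
import sys

# Bytes counted as text here: printable ASCII plus tab (this example's choice).
PRINTABLE = frozenset(range(0x20, 0x7F)) | {0x09}

def scan_strings(stream, min_len=4, chunk_size=65536):
    """Yield (offset, text) for each run of >= min_len printable bytes.

    The input is treated as an opaque byte stream: no headers, section
    tables or symbol data are interpreted, so malformed object-file
    fields are never followed.
    """
    run = bytearray()   # printable run in progress; may span chunk boundaries
    run_start = 0
    offset = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for b in chunk:
            if b in PRINTABLE:
                if not run:
                    run_start = offset
                run.append(b)
            else:
                if len(run) >= min_len:
                    yield run_start, run.decode("ascii")
                run.clear()
            offset += 1
    if len(run) >= min_len:            # run that reaches end of input
        yield run_start, run.decode("ascii")

# Constructed sample: an ELF magic followed by junk where header fields
# would be, then two embedded strings. Not taken from any real test case.
SAMPLE = (b"\x7fELF\x02\x01\x01" + b"\xff" * 9 +
          b"/lib64/ld-linux-x86-64.so.2\x00" +
          b"\x00\x01abc\x00" + b"GCC: (GNU) 4.8.3")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sources = [open(p, "rb") for p in sys.argv[1:]]
    else:
        sources = [io.BytesIO(SAMPLE)]
    for src in sources:
        with src:
            for off, text in scan_strings(src):
                print(f"{off:8d} {text}")
```

Because the scanner only classifies bytes, the corrupted header in the sample affects nothing but which runs count as text.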