Mageia Bugzilla – Attachment 11252 Details for
Bug 23160
elfutils new security issues CVE-2017-760[7-9], CVE-2017-761[0-3], CVE-2018-8769, CVE-2018-16062, CVE-2018-1640[23], CVE-2018-18310, CVE-2018-1852[01], CVE-2019-714[689], CVE-2019-7150, CVE-2019-766[45]
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
POC tests after the updates
afterwards (text/plain), 1.44 KB, created by
Len Lawrence
on 2019-08-13 19:54:19 CEST
(
hide
)
Description:
POC tests after the updates
Filename:
MIME Type:
Creator:
Len Lawrence
Created:
2019-08-13 19:54:19 CEST
Size:
1.44 KB
patch
obsolete
>After updating the same set of tests were run. > >CVE-2017-7607 >$ eu-readelf -a 00225-elfutils-heapoverflow-handle_gnu_hash >No obvious difference in the resulting report. > >CVE-2017-7608 >$ eu-readelf -a 00226-elfutils-heapoverflow-ebl_object_note_type_name >No change. > >CVE-2017-7609 >$ eu-readelf -a 00227-elfutils-memallocfailure >Same output as before. > ><Skipped some CVEs here> > >CVE-2018-16062 >$ eu-addr2line -e addr2line-buffer-over-flow1 >This hangs again. Maybe not running the test correctly. > >CVE-2018-16402 >$ eu-readelf -S Double-free-libelf >Error report terminates gracefully (no core dump). > >CVE-2018-16403 >$ eu-readelf --debug-dump=abbrev Buffer-over-readelf >Same error report. > >CVE-2018-18310 >$ eu-stack --core=POC-stack >eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file > >No segfault this time - nor is there an ABORT. > >CVE-2018-18520 >$ eu-size eu-size_POC1 >Some diagnostics but no segfault. >$ eu-size eu-size_POC2 >Same here. > >CVE-2018-18521 >$ eu-ranlib POC1 >$ >No FPE or core dump. >$ eu-ranlib POC2 >Another clean exit. > >CVE-2019-7149 >$ eu-nm -C hbo_POC1 >$ eu-nm -C hbo_POC2 >$ eu-nm -C hbo_POC3 >All three returned the same diagnostics as before the update and terminate gracefully. > >CVE-2019-7150 >$ eu-stack --core=POC1.1 >eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file >$ eu-stack --core=POC2.1 >eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file >No core dumps this time. > >CVE-2019-7665 >$ eu-readelf -a POC1.2 >Report looks the same as before. > > > >
After updating the same set of tests were run. CVE-2017-7607 $ eu-readelf -a 00225-elfutils-heapoverflow-handle_gnu_hash No obvious difference in the resulting report. CVE-2017-7608 $ eu-readelf -a 00226-elfutils-heapoverflow-ebl_object_note_type_name No change. CVE-2017-7609 $ eu-readelf -a 00227-elfutils-memallocfailure Same output as before. <Skipped some CVEs here> CVE-2018-16062 $ eu-addr2line -e addr2line-buffer-over-flow1 This hangs again. Maybe not running the test correctly. CVE-2018-16402 $ eu-readelf -S Double-free-libelf Error report terminates gracefully (no core dump). CVE-2018-16403 $ eu-readelf --debug-dump=abbrev Buffer-over-readelf Same error report. CVE-2018-18310 $ eu-stack --core=POC-stack eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file No segfault this time - nor is there an ABORT. CVE-2018-18520 $ eu-size eu-size_POC1 Some diagnostics but no segfault. $ eu-size eu-size_POC2 Same here. CVE-2018-18521 $ eu-ranlib POC1 $ No FPE or core dump. $ eu-ranlib POC2 Another clean exit. CVE-2019-7149 $ eu-nm -C hbo_POC1 $ eu-nm -C hbo_POC2 $ eu-nm -C hbo_POC3 All three returned the same diagnostics as before the update and terminate gracefully. CVE-2019-7150 $ eu-stack --core=POC1.1 eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file $ eu-stack --core=POC2.1 eu-stack: dwfl_core_file_report: Not an ET_CORE ELF file No core dumps this time. CVE-2019-7665 $ eu-readelf -a POC1.2 Report looks the same as before.
View Attachment As Raw
Actions:
View
Attachments on
bug 23160
:
11251
| 11252