Product: Security Response https://bugzilla.redhat.com/show_bug.cgi?id=849693
--- Comment #33 from Jan Lieskovsky jlieskov@redhat.com --- (In reply to comment #31)
Hi Jan,
> Jan, is this bug therefore "arbitrary code execution" exploitable or not?
Depends on how you are asking:
--------------------------------------
1) If you are asking generally whether the CVE-2012-3509 flaw can be used for arbitrary code execution (an adversary reaching code execution under the privileges of the victim when the victim inspects a remotely provided file), then the reply would be yes. The CVE-2012-3509 flaw is believed to be able to cause arbitrary code execution. Actually reaching this would not be a trivial task, though.
2) If you are asking whether the gdb packages (since they embed libiberty code) are prone to arbitrary code execution, then the reply would be no. The actual exploitation depends on the 'code around' processing the result of bfd_alloc2() / _objalloc_alloc, and from what I can tell so far for the gdb case, the resulting buffer is under-allocated, but the subsequent routine is just zeroing its content at:

#2 setup_group (newsect=0x29a9bf0, hdr=0x29b2690, abfd=0x297a960) at ../../bfd/elf.c:607

so explicitly for gdb this could not allow arbitrary code execution.
> IMO it is not; therefore it is a normal uninteresting crasher bug which has been fixed upstream now and which is IMO not even worth a backport. There are many such uninteresting invalid-input crasher bugs in the GNU toolchain (see Comment 2).
See above. If we are talking about the gdb case here, then yes, I agree. But for the rest of the possibly affected packages the potential impact still needs to be investigated (to either confirm the danger or disprove it, as in the gdb case).
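The under-allocation discussed in this comment arises when an allocation size computed from an untrusted element count and element size wraps around. The following is an added illustration, not code from libiberty, bfd or this bug's thread, with hypothetical function names (unchecked_alloc_size, checked_alloc_size, safe_alloc2); it contrasts the unchecked product with a checked one of the kind a hardened allocator applies:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical illustration, not libiberty's or bfd's own code: an
 * allocator whose byte count is derived from an element count and
 * element size read from an untrusted object file. */

/* Byte count an unchecked allocator would request: the product silently
 * wraps when nmemb * size exceeds SIZE_MAX, so a huge table described by
 * a crafted header turns into a tiny allocation. */
size_t unchecked_alloc_size(size_t nmemb, size_t size)
{
    return nmemb * size;
}

/* Checked variant: stores the product in *out and returns 1, or returns 0
 * without touching *out when the multiplication would wrap. */
int checked_alloc_size(size_t nmemb, size_t size, size_t *out)
{
    if (nmemb != 0 && size > SIZE_MAX / nmemb)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Allocate zero-filled storage for nmemb elements of size bytes, refusing
 * the request (NULL) when the size computation would wrap. */
void *safe_alloc2(size_t nmemb, size_t size)
{
    size_t bytes;
    void *p;
    if (!checked_alloc_size(nmemb, size, &bytes))
        return NULL;
    p = malloc(bytes);
    if (p != NULL)
        memset(p, 0, bytes);
    return p;
}

/* Returns 1 if safe_alloc2() accepts the request and 0 if it rejects it;
 * frees the allocation so repeated calls do not leak. */
int safe_alloc2_accepts(size_t nmemb, size_t size)
{
    void *p = safe_alloc2(nmemb, size);
    if (p == NULL)
        return 0;
    free(p);
    return 1;
}
```

With a constructed header of SIZE_MAX / 4 + 2 elements of 4 bytes each, the unchecked product wraps to 4 bytes while the checked path rejects the request outright.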