Upstream information

CVE-2006-2362 at MITRE

Description

Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a file with a crafted Tektronix Hex Format (TekHex) record in which the length character is not a valid hexadecimal character.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 7.5
  • Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

SUSE Bugzilla entry: 177088 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s), fixed package version(s) and references:

SUSE LINUX 10.0
  • binutils >= 2.16.91.0.2-8.6
  • binutils-32bit >= 2.16.91.0.2-8.6
  • binutils-64bit >= 2.16.91.0.2-8.6

SUSE LINUX 9.2
  • binutils >= 2.15.91.0.2-7.5
  • binutils-32bit >= 9.2-200611011333

SUSE LINUX 9.3
  • binutils >= 2.15.94.0.2.2-3.5
  • binutils-32bit >= 9.3-7.2

Novell Linux Desktop 9 for x86
Open Enterprise Server
  • binutils >= 2.15.90.0.1.1-32.17
  References: sles9-oes.x86, core9.s390, YOU Patch Nr: 11277

Novell Linux Desktop 9 for x86_64
  • binutils >= 2.15.90.0.1.1-32.17
  • binutils-32bit >= 9-200610302219
  References: sles9-oes.x86, core9.s390, YOU Patch Nr: 11277