GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Fri May 20, 2005 1:13 pm Post subject: [ GLSA 200505-15 ] gdb: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: gdb: Multiple vulnerabilities (GLSA 200505-15)
Severity: normal
Exploitable: local
Date: May 20, 2005
Updated: May 22, 2006
Bug(s): #88398, #91398, #91654
ID: 200505-15
Synopsis
Multiple vulnerabilities have been discovered in the GNU debugger, potentially allowing the execution of arbitrary code.
Background
gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats.
Affected Packages
Package: sys-devel/gdb
Vulnerable: < 6.3-r3
Unaffected: >= 6.3-r3
Architectures: All supported architectures
Description
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.
Impact
Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
Workaround
There is no known workaround at this time.
Resolution
All gdb users should upgrade to the latest stable version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3" |
References
CVE-2005-1704
CVE-2005-1705
Last edited by GLSA on Tue Oct 23, 2007 4:17 am; edited 4 times in total |
|
News & Announcements
