7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
48.8%
CentOS Errata and Security Advisory CESA-2005:801-01
GDB, the GNU debugger, allows debugging of programs written in C, C++, and
other languages by executing them in a controlled fashion, then printing
their data.
Several integer overflow bugs were found in gdb. If a user is tricked into
processing a specially crafted executable file, it may allow the execution
of arbitrary code as the user running gdb. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to
this issue.
A bug was found in the way gdb loads .gdbinit files. When a user executes
gdb, the local directory is searched for a .gdbinit file which is then
loaded. It is possible for a local user to execute arbitrary commands as
the user running gdb by placing a malicious .gdbinit file in a location
where gdb may be run. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.
All users of gdb should upgrade to this updated package, which contains
backported patches that resolve these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2005-October/074488.html
Affected packages:
gdb
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | gdb | < 5.3.90-0.20030710.41.2.4 | gdb-5.3.90-0.20030710.41.2.4.i386.rpm |