ID CENTOS_RHSA-2006-0354.NASL Type nessus Reporter This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2021-01-04T00:00:00
Description
Updated elfutils packages that address a minor security issue and various other issues are now available.
This update has been rated as having low security impact by the Red Hat Security Response Team.
The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.
The elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality.
Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils.
In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files.
(CVE-2005-1704)
Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version.
Users of elfutils should upgrade to these updated packages, which resolve these issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2006:0354 and
# CentOS Errata and Security Advisory 2006:0354 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration block. It only sets plugin metadata and then exits, so no
# host check is performed on this path; the actual package test is the
# code that follows this block.
if (description)
{
# Plugin identity and revision bookkeeping.
script_id(22274);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
# Advisory cross-references: one CVE, plus the upstream Red Hat advisory
# from which the CentOS erratum is derived.
script_cve_id("CVE-2005-1704");
script_xref(name:"RHSA", value:"2006:0354");
script_name(english:"CentOS 4 : elfutils (CESA-2006:0354)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing one or more security updates."
);
# Advisory text, taken from the vendor advisory per the file header.
# NOTE(review): the advisory rates this as low impact (tools crashing on
# corrupted input), while the CVSS2 vector set below assigns partial
# confidentiality, integrity and availability impact; triage on the
# vector and the CVE record, not on the wording here alone.
script_set_attribute(
attribute:"description",
value:
"Updated elfutils packages that address a minor security issue and
various other issues are now available.
This update has been rated as having low security impact by the Red
Hat Security Response Team.
The elfutils packages contain a number of utility programs and
libraries related to the creation and maintenance of executable code.
The elfutils packages that originally shipped with Red Hat Enterprise
Linux 4 were GPL-licensed versions which lacked some functionality.
Previous updates provided fully functional versions of elfutils only
under the OSL license. This update provides a fully functional,
GPL-licensed version of elfutils.
In the OSL-licensed elfutils versions provided in previous updates,
some tools could sometimes crash when given corrupted input files.
(CVE-2005-1704)
Also, when the eu-strip tool was used to create separate debuginfo
files from relocatable objects such as kernel modules (.ko), the
resulting debuginfo files (.ko.debug) were sometimes corrupted. Both
of these problems are fixed in the new version.
Users of elfutils should upgrade to these updated packages, which
resolve these issues."
);
# Each see_also value is a shortened nessus.org link; the comment above it
# records the centos-announce URL it presumably resolves to (verify before
# relying on the short link).
# https://lists.centos.org/pipermail/centos-announce/2006-August/013153.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?05021948"
);
# https://lists.centos.org/pipermail/centos-announce/2006-August/013154.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?146fe213"
);
# https://lists.centos.org/pipermail/centos-announce/2006-August/013167.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?b2d89aa2"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected elfutils packages."
);
# CVSS v2 base vector: local access, low complexity, no authentication,
# partial C/I/A.
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
# "local" plugin type: the check reads data collected from the host itself.
script_set_attribute(attribute:"plugin_type", value:"local");
# Affected packages (p-cpe entries) and the platform they apply to.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:elfutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:elfutils-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:elfutils-libelf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:elfutils-libelf-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
# Timeline: the patch date is roughly 15 months after the vulnerability
# publication date.
script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24");
script_set_attribute(attribute:"patch_publication_date", value:"2006/08/23");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Information-gathering category.
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
# Depends on ssh_get_info.nasl and on the three KB keys listed below.
# NOTE(review): the check body also reads "Host/cpu", which is not listed
# here; a missing value is handled there with AUDIT_UNKNOWN_ARCH.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
# Stop here when only metadata was requested.
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# --- Host gating -----------------------------------------------------------
# Every precondition below ends the run through audit() when it is not met,
# so the package comparison is only reached on a CentOS 4 host for which
# local checks are enabled and an rpm list was collected.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release)
{
  audit(AUDIT_OS_NOT, "CentOS");
}

# Extract the major version from the release banner; only 4.x is in scope.
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver))
{
  audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
}
os_ver = os_ver[1];
if (! preg(pattern:"^4([^0-9]|$)", string:os_ver))
{
  audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
}

if (!get_kb_item("Host/CentOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architectures covered by this check: x86_64, ia64 and i386 through i686.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!("x86_64" >< cpu || "ia64" >< cpu || cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
}

# --- Package comparison ----------------------------------------------------
# One rpm_check() call per fixed package, in the original order. This is a
# check of installed package versions against the fixed release, not a test
# of the flaw itself, so the result is only as reliable as the collected
# rpm list (presumably gathered by ssh_get_info.nasl; confirm for the scan
# policy in use).
flag = 0;
foreach fixed_nvr (make_list(
  "elfutils-0.97.1-3",
  "elfutils-devel-0.97.1-3",
  "elfutils-libelf-0.97.1-3",
  "elfutils-libelf-devel-0.97.1-3"
))
{
  if (rpm_check(release:"CentOS-4", reference:fixed_nvr)) flag++;
}

# --- Reporting -------------------------------------------------------------
if (!flag)
{
  # Nothing flagged: report "not affected" when at least one package was
  # actually tested, otherwise "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils / elfutils-devel / elfutils-libelf / elfutils-libelf-devel");
}
else
{
  # At least one package was flagged: raise a warning-level finding on
  # port 0 with the rpm comparison report attached.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
{"id": "CENTOS_RHSA-2006-0354.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "CentOS 4 : elfutils (CESA-2006:0354)", "description": "Updated elfutils packages that address a minor security issue and various other issues are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which resolve these issues.", "published": "2006-08-30T00:00:00", "modified": "2021-01-04T00:00:00", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": null, "vector": null}, "href": "https://www.tenable.com/plugins/nessus/22274", "reporter": "This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704", "http://www.nessus.org/u?05021948", "http://www.nessus.org/u?146fe213", "http://www.nessus.org/u?b2d89aa2"], "cvelist": ["CVE-2005-1704"], "immutableFields": [], "lastseen": "2021-08-19T13:15:21", "viewCount": 3, "enchantments": {"dependencies": {}, "score": {"value": 5.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2005:659", "CESA-2005:673", "CESA-2005:709", "CESA-2005:763-01", "CESA-2005:801-01", "CESA-2006:0354", "CESA-2006:0368"]}, {"type": "cve", "idList": ["CVE-2005-1704"]}, {"type": "gentoo", "idList": ["GLSA-200505-15"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2006-0368/"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-801.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54947"]}, {"type": "redhat", "idList": ["RHSA-2005:673", "RHSA-2005:709", "RHSA-2006:0354"]}, {"type": "ubuntu", "idList": ["USN-136-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2005-1704"]}]}, "exploitation": null, "vulnersScore": 5.2}, "pluginID": "22274", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0354 and \n# CentOS Errata and Security Advisory 2006:0354 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22274);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2006:0354\");\n\n script_name(english:\"CentOS 4 : elfutils (CESA-2006:0354)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n 
script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated elfutils packages that address a minor security issue and\nvarious other issues are now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and\nlibraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise\nLinux 4 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only\nunder the OSL license. This update provides a fully functional,\nGPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates,\nsome tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo\nfiles from relocatable objects such as kernel modules (.ko), the\nresulting debuginfo files (.ko.debug) were sometimes corrupted. 
Both\nof these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which\nresolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013153.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05021948\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013154.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?146fe213\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013167.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b2d89aa2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elfutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", reference:\"elfutils-0.97.1-3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"elfutils-devel-0.97.1-3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"elfutils-libelf-0.97.1-3\")) flag++;\nif (rpm_check(release:\"CentOS-4\", reference:\"elfutils-libelf-devel-0.97.1-3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / elfutils-devel / elfutils-libelf / elfutils-libelf-devel\");\n}\n", "naslFamily": "CentOS Local Security Checks", "cpe": ["p-cpe:/a:centos:centos:elfutils", "p-cpe:/a:centos:centos:elfutils-devel", 
"p-cpe:/a:centos:centos:elfutils-libelf", "p-cpe:/a:centos:centos:elfutils-libelf-devel", "cpe:/o:centos:centos:4"], "solution": "Update the affected elfutils packages.", "nessusSeverity": "Medium", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.8"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2006-08-23T00:00:00", "vulnerabilityPublicationDate": "2005-05-24T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1645263732}}
{"metasploit": [{"lastseen": "2021-08-14T10:43:41", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2005:763: binutils security update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2005-763/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-14T10:50:32", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2005:659: binutils security update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2005-659/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-14T10:43:24", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2006:0354: elfutils 
security update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2006-0354/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-14T10:42:52", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2005:673: binutils security update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2005-673/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-14T10:50:31", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2006:0368: elfutils security update", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2006-0368/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-14T10:40:40", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2005:801: gdb security update", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2005-801/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-14T10:43:41", "description": "\n", "cvss3": {}, "published": "1976-01-01T00:00:00", "type": "metasploit", "title": "RHSA-2005:709: gdb security update", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "1976-01-01T00:00:00", "id": "MSF:ILITIES/LINUXRPM-RHSA-2005-709/", "href": "", "sourceData": "", "sourceHref": "", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:16:13", "description": "Tavis Ormandy found an integer overflow in the Binary File Descriptor (BFD) parser in the GNU debugger. The same vulnerable code is also present in binutils. By tricking an user into processing a specially crafted executable with the binutils tools (strings, objdump, nm, readelf, etc.), an attacker could exploit this to execute arbitrary code with the privileges of the user running the affected program.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 : binutils vulnerability (USN-136-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:binutils", "p-cpe:/a:canonical:ubuntu_linux:binutils-dev", "p-cpe:/a:canonical:ubuntu_linux:binutils-doc", "p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04"], "id": "UBUNTU_USN-136-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20527", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-136-1. 
The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20527);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"USN\", value:\"136-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : binutils vulnerability (USN-136-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy found an integer overflow in the Binary File Descriptor\n(BFD) parser in the GNU debugger. The same vulnerable code is also\npresent in binutils. By tricking an user into processing a specially\ncrafted executable with the binutils tools (strings, objdump, nm,\nreadelf, etc.), an attacker could exploit this to execute arbitrary\ncode with the privileges of the user running the affected program.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:binutils-multiarch\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! 
get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"binutils\", pkgver:\"2.14.90.0.7-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"binutils-dev\", pkgver:\"2.14.90.0.7-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"binutils-doc\", pkgver:\"2.14.90.0.7-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"4.10\", pkgname:\"binutils-multiarch\", pkgver:\"2.14.90.0.7-8ubuntu0.2\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"binutils\", pkgver:\"2.15-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"binutils-dev\", pkgver:\"2.15-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"binutils-doc\", pkgver:\"2.15-5ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"binutils-multiarch\", pkgver:\"2.15-5ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-dev / binutils-doc / binutils-multiarch\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:17:19", "description": "The remote host is affected by the vulnerability described in GLSA-200506-01 (Binutils, elfutils: Buffer overflow)\n\n Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library and elfutils, resulting in a heap based buffer overflow.\n Impact :\n\n Successful exploitation would require a user to access a specially crafted binary file, resulting in the execution of arbitrary code.\n 
Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-06-02T00:00:00", "type": "nessus", "title": "GLSA-200506-01 : Binutils, elfutils: Buffer overflow", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:binutils", "p-cpe:/a:gentoo:linux:elfutils", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200506-01.NASL", "href": "https://www.tenable.com/plugins/nessus/18406", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200506-01.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18406);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"GLSA\", value:\"200506-01\");\n\n script_name(english:\"GLSA-200506-01 : Binutils, elfutils: Buffer overflow\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200506-01\n(Binutils, elfutils: Buffer overflow)\n\n Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team\n discovered an integer overflow in the BFD library and elfutils,\n resulting in a heap based buffer overflow.\n \nImpact :\n\n Successful exploitation would require a user to access a 
specially\n crafted binary file, resulting in the execution of arbitrary code.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200506-01\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All GNU Binutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose sys-devel/binutils\n All elfutils users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/elfutils-0.108'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/06/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif 
(qpkg_check(package:\"sys-devel/binutils\", unaffected:make_list(\"rge 2.14.90.0.8-r3\", \"rge 2.15.90.0.1.1-r5\", \"rge 2.15.90.0.3-r5\", \"rge 2.15.91.0.2-r2\", \"rge 2.15.92.0.2-r10\", \"ge 2.16-r1\"), vulnerable:make_list(\"lt 2.16-r1\"))) flag++;\nif (qpkg_check(package:\"dev-libs/elfutils\", unaffected:make_list(\"ge 0.108\"), vulnerable:make_list(\"lt 0.108\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Binutils / elfutils\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:28", "description": "Updated elfutils packages that address a minor security issue and various other issues are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 3 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. 
Both of these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-07-21T00:00:00", "type": "nessus", "title": "RHEL 3 : elfutils (RHSA-2006:0368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:elfutils", "p-cpe:/a:redhat:enterprise_linux:elfutils-devel", "p-cpe:/a:redhat:enterprise_linux:elfutils-libelf", "p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2006-0368.NASL", "href": "https://www.tenable.com/plugins/nessus/22085", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0368. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22085);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2006:0368\");\n\n script_name(english:\"RHEL 3 : elfutils (RHSA-2006:0368)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated elfutils packages that address a minor security issue and\nvarious other issues are now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and\nlibraries related to the creation and maintenance of executable 
code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise\nLinux 3 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only\nunder the OSL license. This update provides a fully functional,\nGPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates,\nsome tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo\nfiles from relocatable objects such as kernel modules (.ko), the\nresulting debuginfo files (.ko.debug) were sometimes corrupted. Both\nof these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0368\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0368\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"elfutils-0.94.1-2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"elfutils-devel-0.94.1-2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"elfutils-libelf-0.94.1-2\")) flag++;\n if (rpm_check(release:\"RHEL3\", reference:\"elfutils-libelf-devel-0.94.1-2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / elfutils-devel / elfutils-libelf / elfutils-libelf-devel\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:21", "description": "Updated elfutils packages that address a minor security issue and various other issues are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe elfutils packages contain a number of utility programs 
and libraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-08-14T00:00:00", "type": "nessus", "title": "RHEL 4 : elfutils (RHSA-2006:0354)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:elfutils", "p-cpe:/a:redhat:enterprise_linux:elfutils-devel", "p-cpe:/a:redhat:enterprise_linux:elfutils-libelf", "p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2006-0354.NASL", "href": "https://www.tenable.com/plugins/nessus/22219", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0354. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22219);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2006:0354\");\n\n script_name(english:\"RHEL 4 : elfutils (RHSA-2006:0354)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated elfutils packages that address a minor security issue and\nvarious other issues are now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and\nlibraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise\nLinux 4 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only\nunder the OSL license. This update provides a fully functional,\nGPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates,\nsome tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo\nfiles from relocatable objects such as kernel modules (.ko), the\nresulting debuginfo files (.ko.debug) were sometimes corrupted. 
Both\nof these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which\nresolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2006:0354\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/08/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2006:0354\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"elfutils-0.97.1-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"elfutils-devel-0.97.1-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", reference:\"elfutils-libelf-0.97.1-3\")) flag++;\n if (rpm_check(release:\"RHEL4\", 
reference:\"elfutils-libelf-devel-0.97.1-3\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / elfutils-devel / elfutils-libelf / elfutils-libelf-devel\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:24", "description": "Updated elfutils packages that address a minor security issue and various other issues are now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 3 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. 
Both of these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-07-21T00:00:00", "type": "nessus", "title": "CentOS 3 : elfutils (CESA-2006:0368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:elfutils", "p-cpe:/a:centos:centos:elfutils-devel", "p-cpe:/a:centos:centos:elfutils-libelf", "p-cpe:/a:centos:centos:elfutils-libelf-devel", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2006-0368.NASL", "href": "https://www.tenable.com/plugins/nessus/22082", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2006:0368 and \n# CentOS Errata and Security Advisory 2006:0368 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(22082);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2006:0368\");\n\n script_name(english:\"CentOS 3 : elfutils (CESA-2006:0368)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated elfutils packages that address a minor security issue and\nvarious other issues are now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nThe elfutils packages contain a number of utility programs and\nlibraries related to the creation and maintenance of executable code.\n\nThe elfutils packages that 
originally shipped with Red Hat Enterprise\nLinux 3 were GPL-licensed versions which lacked some functionality.\nPrevious updates provided fully functional versions of elfutils only\nunder the OSL license. This update provides a fully functional,\nGPL-licensed version of elfutils.\n\nIn the OSL-licensed elfutils versions provided in previous updates,\nsome tools could sometimes crash when given corrupted input files.\n(CVE-2005-1704)\n\nAlso, when the eu-strip tool was used to create separate debuginfo\nfiles from relocatable objects such as kernel modules (.ko), the\nresulting debuginfo files (.ko.debug) were sometimes corrupted. Both\nof these problems are fixed in the new version.\n\nUsers of elfutils should upgrade to these updated packages, which\nresolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013095.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bfd2806e\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-August/013096.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42dd965f\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2006-July/013049.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5f0bacab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elfutils packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/08/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"elfutils-0.94.1-2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"elfutils-devel-0.94.1-2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"elfutils-libelf-0.94.1-2\")) flag++;\nif (rpm_check(release:\"CentOS-3\", reference:\"elfutils-libelf-devel-0.94.1-2\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / elfutils-devel / elfutils-libelf / elfutils-libelf-devel\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:30", "description": "An updated binutils package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools.\n\nIf a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nIn addition, the following bugs have been fixed :\n\n-- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour\n-- fix linker's --emit-relocs with .gnu.warning.* section symbols\n-- fix gprof on 64-bit ppc binaries and libraries\n-- fix gas mapping of register names to dwarf2 register numbers in CFI directives\n\nAll users of binutils should upgrade to this updated package, which contains patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "RHEL 4 : binutils (RHSA-2005:673)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:binutils", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-673.NASL", "href": "https://www.tenable.com/plugins/nessus/19991", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:673. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19991);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2005:673\");\n\n script_name(english:\"RHEL 4 : binutils (RHSA-2005:673)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated binutils package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of\nexecutable code. A number of bugs were found in various binutils\ntools.\n\nIf a user is tricked into processing a specially crafted executable\nwith utilities such as readelf, size, strings, objdump, or nm, it may\nallow the execution of arbitrary code as the user. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nIn addition, the following bugs have been fixed :\n\n-- by default issue an error if IA-64 hint@pause instruction is put\ninto the B slot, add assembler command line switch to override this\nbehaviour -- fix linker's --emit-relocs with .gnu.warning.* section\nsymbols -- fix gprof on 64-bit ppc binaries and libraries -- fix gas\nmapping of register names to dwarf2 register numbers in CFI directives\n\nAll users of binutils should upgrade to this updated package, which\ncontains patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:673\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:673\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"binutils-2.15.92.0.2-15\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:15:35", "description": "An updated binutils package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools.\n\nSeveral integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nAdditionally, the following bugs have been fixed :\n\n-- correct alignment of .tbss section if the requested alignment of .tbss is bigger than requested alignment of .tdata section\n-- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour\n\nAll users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-07-03T00:00:00", "type": "nessus", "title": "CentOS 3 : binutils (CESA-2005:659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:binutils", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-659.NASL", "href": "https://www.tenable.com/plugins/nessus/21848", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security 
Advisory RHSA-2005:659 and \n# CentOS Errata and Security Advisory 2005:659 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21848);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2005:659\");\n\n script_name(english:\"CentOS 3 : binutils (CESA-2005:659)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated binutils package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of\nexecutable code. A number of bugs were found in various binutils\ntools.\n\nSeveral integer overflow bugs were found in binutils. If a user is\ntricked into processing a specially crafted executable with utilities\nsuch as readelf, size, strings, objdump, or nm, it may allow the\nexecution of arbitrary code as the user running the utility. 
The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-1704 to this issue.\n\nAdditionally, the following bugs have been fixed :\n\n-- correct alignment of .tbss section if the requested alignment of\n.tbss is bigger than requested alignment of .tdata section -- by\ndefault issue an error if IA-64 hint@pause instruction is put into the\nB slot, add assembler command line switch to override this behaviour\n\nAll users of binutils should upgrade to this updated package, which\ncontains backported patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012212.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9b8893ef\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012231.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?27856d56\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-September/012232.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0da8da0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/28\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 3.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"binutils-2.14.90.0.4-39\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:53:36", "description": "An updated binutils package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools.\n\nIf a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nIn addition, the following bugs have been fixed :\n\n-- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour\n\n-- fix linker's --emit-relocs with .gnu.warning.* section symbols\n\n-- fix gprof on 64-bit ppc binaries and libraries\n\n-- fix gas mapping of register names to dwarf2 register numbers in CFI directives\n\nAll users of binutils should upgrade to this updated package, which contains patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 4 : binutils (CESA-2005:673)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:binutils", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-673.NASL", "href": "https://www.tenable.com/plugins/nessus/67030", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:673 and \n# CentOS Errata and Security Advisory 2005:673 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67030);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2005:673\");\n\n script_name(english:\"CentOS 4 : binutils (CESA-2005:673)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated binutils package that fixes 
several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of\nexecutable code. A number of bugs were found in various binutils\ntools.\n\nIf a user is tricked into processing a specially crafted executable\nwith utilities such as readelf, size, strings, objdump, or nm, it may\nallow the execution of arbitrary code as the user. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nIn addition, the following bugs have been fixed :\n\n-- by default issue an error if IA-64 hint@pause instruction is put\ninto the B slot, add assembler command line switch to override this\nbehaviour -- fix linker's --emit-relocs with .gnu.warning.* section\nsymbols -- fix gprof on 64-bit ppc binaries and libraries -- fix gas\nmapping of register names to dwarf2 register numbers in CFI directives\n\nAll users of binutils should upgrade to this updated package, which\ncontains patches to resolve these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012240.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee3d5e68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"binutils-2.15.92.0.2-15\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:42", "description": "An updated binutils package that fixes several bugs and minor security issues is now 
available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools.\n\nSeveral integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nAdditionally, the following bugs have been fixed :\n\n-- correct alignment of .tbss section if the requested alignment of .tbss is bigger than requested alignment of .tdata section\n\n-- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour\n\nAll users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-05T00:00:00", "type": "nessus", "title": "RHEL 3 : binutils (RHSA-2005:659)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:binutils", "cpe:/o:redhat:enterprise_linux:3"], "id": "REDHAT-RHSA-2005-659.NASL", "href": "https://www.tenable.com/plugins/nessus/19831", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:659. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19831);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2005:659\");\n\n script_name(english:\"RHEL 3 : binutils (RHSA-2005:659)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated binutils package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of\nexecutable code. A number of bugs were found in various binutils\ntools.\n\nSeveral integer overflow bugs were found in binutils. If a user is\ntricked into processing a specially crafted executable with utilities\nsuch as readelf, size, strings, objdump, or nm, it may allow the\nexecution of arbitrary code as the user running the utility. 
The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-1704 to this issue.\n\nAdditionally, the following bugs have been fixed :\n\n-- correct alignment of .tbss section if the requested alignment of\n.tbss is bigger than requested alignment of .tdata section -- by\ndefault issue an error if IA-64 hint@pause instruction is put into the\nB slot, add assembler command line switch to override this behaviour\n\nAll users of binutils should upgrade to this updated package, which\ncontains backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:659\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/09/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:659\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"binutils-2.14.90.0.4-39\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-27T14:54:50", "description": "- Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com> 2.15.94.0.2.2-2.1\n\n - further bfd, readelf and binutils robustification (CVE-2005-1704, #158680)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2012-09-24T00:00:00", "type": "nessus", "title": "Fedora Core 4 : binutils-2.15.94.0.2.2-2.1 (2005-498)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:binutils", "p-cpe:/a:fedoraproject:fedora:binutils-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-498.NASL", "href": "https://www.tenable.com/plugins/nessus/62259", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-498.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62259);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-498\");\n\n script_name(english:\"Fedora Core 4 : binutils-2.15.94.0.2.2-2.1 (2005-498)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com>\n 
2.15.94.0.2.2-2.1\n\n - further bfd, readelf and binutils robustification\n (CVE-2005-1704, #158680)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-June/001006.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eba237bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils and / or binutils-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"binutils-2.15.94.0.2.2-2.1\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"binutils-debuginfo-2.15.94.0.2.2-2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-03-27T14:31:59", "description": "- Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com> 2.15.92.0.2-5.1\n\n - bfd and readelf robustification (CVE-2005-1704, #158680)\n\n - fix buffer overflows in readelf (#149506)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-06-29T00:00:00", "type": "nessus", "title": "Fedora Core 3 : binutils-2.15.92.0.2-5.1 (2005-497)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:binutils", "p-cpe:/a:fedoraproject:fedora:binutils-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-497.NASL", "href": "https://www.tenable.com/plugins/nessus/18593", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-497.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18593);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-497\");\n\n script_name(english:\"Fedora Core 3 : binutils-2.15.92.0.2-5.1 (2005-497)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com>\n 2.15.92.0.2-5.1\n\n - bfd and readelf robustification (CVE-2005-1704, #158680)\n\n - fix buffer overflows in readelf (#149506)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-June/001005.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d6b5ddde\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils and / or binutils-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:binutils-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/06/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"binutils-2.15.92.0.2-5.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"binutils-debuginfo-2.15.92.0.2-5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / binutils-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:30:54", "description": "An updated binutils package that fixes minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools.\n\nSeveral integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nAll users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "RHEL 2.1 : binutils (RHSA-2005:763)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:binutils", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2005-763.NASL", "href": "https://www.tenable.com/plugins/nessus/20045", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:763. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20045);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"RHSA\", value:\"2005:763\");\n\n script_name(english:\"RHEL 2.1 : binutils (RHSA-2005:763)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated binutils package that fixes minor security issues is now\navailable.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nBinutils is a collection of utilities used for the creation of\nexecutable code. A number of bugs were found in various binutils\ntools.\n\nSeveral integer overflow bugs were found in binutils. 
If a user is\ntricked into processing a specially crafted executable with utilities\nsuch as readelf, size, strings, objdump, or nm, it may allow the\nexecution of arbitrary code as the user running the utility. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-1704 to this issue.\n\nAll users of binutils should upgrade to this updated package, which\ncontains backported patches to resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:763\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected binutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:763\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"binutils-2.11.90.0.8-12.5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + 
redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils\");\n }\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:13", "description": "Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file.\n\nThe updated packages have been patched to help address these problems.", "cvss3": {"score": null, "vector": null}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : binutils (MDKSA-2005:215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:binutils", "p-cpe:/a:mandriva:linux:lib64binutils2", "p-cpe:/a:mandriva:linux:lib64binutils2-devel", "p-cpe:/a:mandriva:linux:libbinutils2", "p-cpe:/a:mandriva:linux:libbinutils2-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-215.NASL", "href": "https://www.tenable.com/plugins/nessus/20447", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:215. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20447);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\");\n script_xref(name:\"MDKSA\", value:\"2005:215\");\n\n script_name(english:\"Mandrake Linux Security Advisory : binutils (MDKSA-2005:215)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Integer overflows in various applications in the binutils package may\nallow attackers to execute arbitrary code via a carefully crafted\nobject file.\n\nThe updated packages have been patched to help address these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64binutils2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64binutils2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libbinutils2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libbinutils2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/11/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"binutils-2.15.90.0.3-1.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64binutils2-2.15.90.0.3-1.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64binutils2-devel-2.15.90.0.3-1.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libbinutils2-2.15.90.0.3-1.2.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libbinutils2-devel-2.15.90.0.3-1.2.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"binutils-2.15.92.0.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64binutils2-2.15.92.0.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", 
reference:\"lib64binutils2-devel-2.15.92.0.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libbinutils2-2.15.92.0.2-6.2.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libbinutils2-devel-2.15.92.0.2-6.2.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T13:16:30", "description": "An updated gdb package that fixes minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the user running gdb by placing a malicious .gdbinit file in a location where gdb may be run. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nAll users of gdb should upgrade to this updated package, which contains backported patches that resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "RHEL 2.1 : gdb (RHSA-2005:801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gdb", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2005-801.NASL", "href": "https://www.tenable.com/plugins/nessus/20059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:801. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20059);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:801\");\n\n script_name(english:\"RHEL 2.1 : gdb (RHSA-2005:801)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes minor security issues is now\navailable.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. 
If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the user running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nAll users of gdb should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:801\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:801\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gdb-5.3.90-0.20030710.41.2.4\")) flag++;\n\n if (flag)\n {\n 
security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:17:20", "description": "Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704).\n\nHe also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705).\n\nThe updated packages have been patched to correct these problems.", "cvss3": {"score": null, "vector": null}, "published": "2005-05-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gdb", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-095.NASL", "href": "https://www.tenable.com/plugins/nessus/18404", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:095. 
\n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18404);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"MDKSA\", value:\"2005:095\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two\nvulnerabilities in the GNU debugger. The first allows an attacker to\nexecute arbitrary code with the privileges of the user running gdb if\nthey can trick the user into loading a specially crafted executable\n(CVE-2005-1704).\n\nHe also discovered that gdb loads and executes the file .gdbinit in\nthe current directory even if the file belongs to a different user. 
If\na user can be tricked into running gdb in a directory with a malicious\n.gdbinit file, a local attacker can exploit this to run arbitrary\ncommands with the privileges of the user running gdb (CVE-2005-1705).\n\nThe updated packages have been patched to correct these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 
\"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"gdb-6.0-2.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"gdb-6.2-2.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"gdb-6.3-3.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:53:57", "description": "An updated gdb package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. 
The bug fix caused a significant slow-down of gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++ classes.\n\n - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.\n\nAll users of gdb should upgrade to this updated package, which resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 4 : gdb (CESA-2005:709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gdb", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-709.NASL", "href": "https://www.tenable.com/plugins/nessus/67033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:709 and \n# CentOS Errata and Security Advisory 2005:709 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67033);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:709\");\n\n script_name(english:\"CentOS 4 : gdb (CESA-2005:709)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n 
attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the victim running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to\n work-around a kernel problem when creating a core file\n via gcore. 
The bug fix caused a significant slow-down of\n gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was\n used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for\n a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a\n 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling\n threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++\n classes.\n\n - A few updates from mainline sources concerning Dwarf2\n partial die in cache support, follow-fork support,\n interrupted syscall support, and DW_OP_piece read\n support.\n\nAll users of gdb should upgrade to this updated package, which\nresolves these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26127f72\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"gdb-6.3.0.0-1.63\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:17:19", "description": "The remote host is affected by the vulnerability described in GLSA-200505-15 (gdb: Multiple vulnerabilities)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer 
overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.\n Impact :\n\n Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-05-28T00:00:00", "type": "nessus", "title": "GLSA-200505-15 : gdb: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gdb", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200505-15.NASL", "href": "https://www.tenable.com/plugins/nessus/18379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200505-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18379);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"GLSA\", value:\"200505-15\");\n\n script_name(english:\"GLSA-200505-15 : gdb: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200505-15\n(gdb: Multiple vulnerabilities)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an\n integer overflow in the BFD library, resulting in a heap overflow. A\n review also showed that by default, gdb insecurely sources\n initialisation files from the working directory.\n \nImpact :\n\n Successful exploitation would result in the execution of arbitrary code\n on loading a specially crafted object file or the execution of\n arbitrary commands.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200505-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gdb users should upgrade to the latest stable version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/gdb-6.3-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/gdb\", unaffected:make_list(\"ge 6.3-r3\"), vulnerable:make_list(\"lt 6.3-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:37:28", "description": "This is an fc3 update for gdb regarding security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect against heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.1post-1.20040607.43.0.1\n\nNote that Tenable Network Security has 
extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-28T00:00:00", "type": "nessus", "title": "Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdb", "p-cpe:/a:fedoraproject:fedora:gdb-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-1032.NASL", "href": "https://www.tenable.com/plugins/nessus/20100", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1032.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20100);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-1032\");\n\n script_name(english:\"Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an fc3 update for gdb regarding security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect\nagainst heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary\ncommands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.1post-1.20040607.43.0.1\n\nNote that Tenable Network Security has extracted 
the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d88de56d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdb and / or gdb-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"gdb-6.1post-1.20040607.43.0.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gdb-debuginfo-6.1post-1.20040607.43.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb / gdb-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T13:16:17", "description": "Tavis Ormandy found an integer overflow in the GNU debugger. By tricking a user into merely loading a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low. (CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file '.gdbinit' in the current directory even if the file belongs to a different user. By tricking a user into running gdb in a directory with a malicious .gdbinit file, a local attacker could exploit this to run arbitrary commands with the privileges of the user invoking gdb.\n(CAN-2005-1705).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gdb", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04"], "id": "UBUNTU_USN-135-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-135-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20526);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"USN\", value:\"135-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy found an integer overflow in the GNU debugger. By\ntricking an user into merely load a specially crafted executable, an\nattacker could exploit this to execute arbitrary code with the\nprivileges of the user running gdb. However, loading untrusted\nbinaries without actually executing them is rather uncommon, so the\nrisk of this flaw is low. 
(CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file\n'.gdbinit' in the current directory even if the file belongs to a\ndifferent user. By tricking an user into run gdb in a directory with a\nmalicious .gdbinit file, a local attacker could exploit this to run\narbitrary commands with the privileges of the user invoking gdb.\n(CAN-2005-1705).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. 
/ NASL script (C) 2006-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"gdb\", pkgver:\"6.1-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gdb\", pkgver:\"6.3-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:36:52", "description": "This is an fc4 update for gdb that includes security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect against heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.\n\nFixes for both problems are found in 
:\n\ngdb-6.3.0.0-1.84\n\nThis release also contains some additional fixes from the last update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-28T00:00:00", "type": "nessus", "title": "Fedora Core 4 : gdb-6.3.0.0-1.84 (2005-1033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdb", "p-cpe:/a:fedoraproject:fedora:gdb-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-1033.NASL", "href": "https://www.tenable.com/plugins/nessus/20101", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1033.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20101);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-1033\");\n\n script_name(english:\"Fedora Core 4 : gdb-6.3.0.0-1.84 (2005-1033)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an fc4 update for gdb that includes security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect\nagainst heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary\ncommands during gdb startup.\n\nFixes for 
both problems are found in :\n\ngdb-6.3.0.0-1.84\n\nThis release also contains some additional fixes from the last update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001522.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55e6a187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdb and / or gdb-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: 
\"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"gdb-6.3.0.0-1.84\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gdb-debuginfo-6.3.0.0-1.84\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb / gdb-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T13:16:30", "description": "An updated gdb package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. 
It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++ classes.\n\n - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.\n\nAll users of gdb should upgrade to this updated package, which resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "RHEL 4 : gdb (RHSA-2005:709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gdb", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-709.NASL", "href": "https://www.tenable.com/plugins/nessus/19994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:709. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19994);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:709\");\n\n script_name(english:\"RHEL 4 : gdb (RHSA-2005:709)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the victim running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. 
The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to\n work-around a kernel problem when creating a core file\n via gcore. The bug fix caused a significant slow-down of\n gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was\n used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for\n a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a\n 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling\n threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++\n classes.\n\n - A few updates from mainline sources concerning Dwarf2\n partial die in cache support, follow-fork support,\n interrupted syscall support, and DW_OP_piece read\n support.\n\nAll users of gdb should upgrade to this updated package, which\nresolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:709\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:709\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gdb-6.3.0.0-1.63\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-21T04:46:12", "description": "Binutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. \r\n\r\nIf a user is tricked into processing a specially crafted executable with\r\nutilities such as readelf, size, strings, objdump, or nm, it may allow the\r\nexecution of arbitrary code as the user. 
The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nIn addition, the following bugs have been fixed:\r\n\r\n-- by default issue an error if IA-64 hint@pause instruction is\r\n put into the B slot, add assembler command line switch to\r\n override this behaviour\r\n-- fix linker's --emit-relocs with .gnu.warning.* section symbols\r\n-- fix gprof on 64-bit ppc binaries and libraries\r\n-- fix gas mapping of register names to dwarf2 register numbers\r\n in CFI directives\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains patches to resolve these issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "redhat", "title": "(RHSA-2005:673) binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2017-09-08T08:12:23", "id": "RHSA-2005:673", "href": "https://access.redhat.com/errata/RHSA-2005:673", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:54", "description": "The elfutils packages contain a number of utility programs and libraries\r\nrelated to the creation and maintenance of executable code.\r\n\r\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux\r\n3 were GPL-licensed versions which lacked some functionality. Previous\r\nupdates provided fully functional versions of elfutils only under the OSL\r\nlicense. 
This update provides a fully functional, GPL-licensed version of\r\nelfutils. \r\n\r\nIn the OSL-licensed elfutils versions provided in previous updates, some\r\ntools could sometimes crash when given corrupted input files. (CVE-2005-1704)\r\n\r\nAlso, when the eu-strip tool was used to create separate debuginfo files\r\nfrom relocatable objects such as kernel modules (.ko), the resulting\r\ndebuginfo files (.ko.debug) were sometimes corrupted. Both of these\r\nproblems are fixed in the new version.\r\n\r\nUsers of elfutils should upgrade to these updated packages, which resolve\r\nthese issues.", "cvss3": {}, "published": "2006-07-20T09:25:51", "type": "redhat", "title": "(RHSA-2006:0368) elfutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2017-07-29T16:31:59", "id": "RHSA-2006:0368", "href": "https://access.redhat.com/errata/RHSA-2006:0368", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:46:09", "description": "The elfutils packages contain a number of utility programs and libraries\r\nrelated to the creation and maintenance of executable code.\r\n\r\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 4\r\nwere GPL-licensed versions which lacked some functionality. Previous\r\nupdates provided fully functional versions of elfutils only under the OSL\r\nlicense. This update provides a fully functional, GPL-licensed version of\r\nelfutils. 
\r\n\r\nIn the OSL-licensed elfutils versions provided in previous updates, some\r\ntools could sometimes crash when given corrupted input files. (CVE-2005-1704)\r\n\r\nAlso, when the eu-strip tool was used to create separate debuginfo files\r\nfrom relocatable objects such as kernel modules (.ko), the resulting\r\ndebuginfo files (.ko.debug) were sometimes corrupted. Both of these\r\nproblems are fixed in the new version.\r\n\r\nUsers of elfutils should upgrade to these updated packages, which resolve\r\nthese issues.", "cvss3": {}, "published": "2006-08-10T00:00:00", "type": "redhat", "title": "(RHSA-2006:0354) elfutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2017-09-08T07:53:48", "id": "RHSA-2006:0354", "href": "https://access.redhat.com/errata/RHSA-2006:0354", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:25", "description": "Binutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. \r\n\r\nSeveral integer overflow bugs were found in binutils. If a user is tricked\r\ninto processing a specially crafted executable with utilities such as\r\nreadelf, size, strings, objdump, or nm, it may allow the execution of\r\narbitrary code as the user running the utility. 
The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704\r\nto this issue.\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains backported patches to resolve these issues.", "cvss3": {}, "published": "2005-10-11T00:00:00", "type": "redhat", "title": "(RHSA-2005:763) binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2018-03-14T15:27:40", "id": "RHSA-2005:763", "href": "https://access.redhat.com/errata/RHSA-2005:763", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:43:35", "description": "Binutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. \r\n\r\nSeveral integer overflow bugs were found in binutils. If a user is tricked\r\ninto processing a specially crafted executable with utilities such as\r\nreadelf, size, strings, objdump, or nm, it may allow the execution of\r\narbitrary code as the user running the utility. 
The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704\r\nto this issue.\r\n\r\nAdditionally, the following bugs have been fixed:\r\n\r\n-- correct alignment of .tbss section if the requested alignment\r\n of .tbss is bigger than requested alignment of .tdata section\r\n-- by default issue an error if IA-64 hint@pause instruction is\r\n put into the B slot, add assembler command line switch to\r\n override this behaviour\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains backported patches to resolve these issues.", "cvss3": {}, "published": "2005-09-28T00:00:00", "type": "redhat", "title": "(RHSA-2005:659) binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2017-07-29T16:30:52", "id": "RHSA-2005:659", "href": "https://access.redhat.com/errata/RHSA-2005:659", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:44:05", "description": "GDB, the GNU debugger, allows debugging of programs written in C, C++,\r\nand other languages by executing them in a controlled fashion, then\r\nprinting their data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked\r\ninto processing a specially crafted executable file, it may allow the\r\nexecution of arbitrary code as the user running gdb. 
The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-1704 to this issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe victim running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nThis updated package also addresses the following issues:\r\n\r\n- GDB on ia64 had previously implemented a bug fix to work-around a kernel\r\nproblem when creating a core file via gcore. The bug fix caused a\r\nsignificant slow-down of gcore.\r\n\r\n- GDB on ia64 issued an extraneous warning when gcore was used.\r\n\r\n- GDB on ia64 could not backtrace over a sigaltstack.\r\n\r\n- GDB on ia64 could not successfully do an info frame for a signal trampoline.\r\n\r\n- GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\r\n\r\n- GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\r\n\r\n- GDB could not build with gcc4 when -Werror flag was set.\r\n\r\n- GDB had problems printing inherited members of C++ classes.\r\n\r\n- A few updates from mainline sources concerning Dwarf2 partial die in\r\ncache support, follow-fork support, interrupted syscall support, and\r\nDW_OP_piece read support.\r\n\r\nAll users of gdb should upgrade to this updated package, which resolves\r\nthese issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "redhat", "title": "(RHSA-2005:709) gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", 
"availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2017-09-08T08:10:13", "id": "RHSA-2005:709", "href": "https://access.redhat.com/errata/RHSA-2005:709", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:42:45", "description": "GDB, the GNU debugger, allows debugging of programs written in C, C++, and\r\nother languages by executing them in a controlled fashion, then printing\r\ntheir data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked into\r\nprocessing a specially crafted executable file, it may allow the execution\r\nof arbitrary code as the user running gdb. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe user running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. 
The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nAll users of gdb should upgrade to this updated package, which contains\r\nbackported patches that resolve these issues.", "cvss3": {}, "published": "2005-10-18T00:00:00", "type": "redhat", "title": "(RHSA-2005:801) gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2018-03-14T15:26:06", "id": "RHSA-2005:801", "href": "https://access.redhat.com/errata/RHSA-2005:801", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T22:04:17", "description": "Integer overflow in the Binary File Descriptor (BFD) library for gdb before\n6.3, binutils, elfutils, and possibly other packages, allows user-assisted\nattackers to execute arbitrary code via a crafted object file that\nspecifies a large number of section headers, leading to a heap-based buffer\noverflow.", "cvss3": {}, "published": "2005-05-24T00:00:00", "type": "ubuntucve", "title": "CVE-2005-1704", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2005-05-24T00:00:00", "id": "UB:CVE-2005-1704", "href": "https://ubuntu.com/security/CVE-2005-1704", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:50:02", "description": "The remote host is missing updates announced in\nadvisory GLSA 200506-01.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200506-01 (binutils)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54953", "href": "http://plugins.openvas.org/nasl.php?oid=54953", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Various utilities from the GNU Binutils and elfutils packages are\nvulnerable to a heap based buffer overflow, potentially resulting in the\nexecution of arbitrary code.\";\ntag_solution = \"All GNU Binutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose sys-devel/binutils\n\nAll elfutils users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-libs/elfutils-0.108'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200506-01\nhttp://bugs.gentoo.org/show_bug.cgi?id=91398\nhttp://bugs.gentoo.org/show_bug.cgi?id=91817\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200506-01.\";\n\n \n\nif(description)\n{\n script_id(54953);\n script_cve_id(\"CVE-2005-1704\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200506-01 (binutils)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"dev-libs/elfutils\", unaffected: make_list(\"ge 0.108\"), vulnerable: make_list(\"lt 0.108\"))) != NULL) {\n report += res;\n}\nif ((res = ispkgvuln(pkg:\"sys-devel/binutils\", unaffected: make_list(\"rge 2.14.90.0.8-r3\", \"rge 2.15.90.0.1.1-r5\", \"rge 2.15.90.0.3-r5\", \"rge 2.15.91.0.2-r2\", \"rge 2.15.92.0.2-r10\", \"ge 2.16-r1\"), vulnerable: make_list(\"lt 2.16-r1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:48", "description": "The remote host is missing updates announced in\nadvisory GLSA 200505-15.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200505-15 (gdb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1705", "CVE-2005-1704"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54947", "href": "http://plugins.openvas.org/nasl.php?oid=54947", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in the GNU debugger,\npotentially allowing the execution of arbitrary code.\";\ntag_solution = \"All gdb users should upgrade to the latest stable version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/gdb-6.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=88398\nhttp://bugs.gentoo.org/show_bug.cgi?id=91398\nhttp://bugs.gentoo.org/show_bug.cgi?id=91654\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200505-15.\";\n\n \n\nif(description)\n{\n script_id(54947);\n script_cve_id(\"CVE-2005-1704\",\"CVE-2005-1705\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200505-15 (gdb)\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-devel/gdb\", unaffected: make_list(\"ge 6.3-r3\"), vulnerable: make_list(\"lt 6.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2022-01-17T19:18:59", "description": "### Background\n\nThe GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Elfutils provides a library and utilities to access, modify and analyse ELF objects. \n\n### Description\n\nTavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library and elfutils, resulting in a heap based buffer overflow. \n\n### Impact\n\nSuccessful exploitation would require a user to access a specially crafted binary file, resulting in the execution of arbitrary code. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll GNU Binutils users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose sys-devel/binutils\n\nAll elfutils users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-libs/elfutils-0.108\"", "cvss3": {}, "published": "2005-06-01T00:00:00", "type": "gentoo", "title": "Binutils, elfutils: Buffer overflow", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200506-01", "href": "https://security.gentoo.org/glsa/200506-01", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-17T19:19:00", "description": "### Background\n\ngdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. \n\n### Description\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory. \n\n### Impact\n\nSuccessful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. \n\n### Workaround\n\nThere is no known workaround at this time. 
\n\n### Resolution\n\nAll gdb users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/gdb-6.3-r3\"", "cvss3": {}, "published": "2005-05-20T00:00:00", "type": "gentoo", "title": "gdb: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200505-15", "href": "https://security.gentoo.org/glsa/200505-15", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "debiancve": [{"lastseen": "2022-04-30T00:26:06", "description": "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.", "cvss3": {}, "published": "2005-05-24T04:00:00", "type": "debiancve", "title": "CVE-2005-1704", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2005-1704"], "modified": "2005-05-24T04:00:00", "id": "DEBIANCVE:CVE-2005-1704", "href": "https://security-tracker.debian.org/tracker/CVE-2005-1704", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2022-02-27T16:03:35", "description": "**CentOS Errata and Security Advisory** CESA-2005:659\n\n\nBinutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. \r\n\r\nSeveral integer overflow bugs were found in binutils. If a user is tricked\r\ninto processing a specially crafted executable with utilities such as\r\nreadelf, size, strings, objdump, or nm, it may allow the execution of\r\narbitrary code as the user running the utility. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704\r\nto this issue.\r\n\r\nAdditionally, the following bugs have been fixed:\r\n\r\n-- correct alignment of .tbss section if the requested alignment\r\n of .tbss is bigger than requested alignment of .tdata section\r\n-- by default issue an error if IA-64 hint@pause instruction is\r\n put into the B slot, add assembler command line switch to\r\n override this behaviour\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/049131.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/049137.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/049150.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-September/049151.html\n\n**Affected packages:**\nbinutils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:659", "cvss3": {}, "published": "2005-09-28T15:41:33", "type": "centos", "title": "binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": 
"MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2005-09-28T21:16:33", "id": "CESA-2005:659", "href": "https://lists.centos.org/pipermail/centos-announce/2005-September/049131.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T15:58:41", "description": "**CentOS Errata and Security Advisory** CESA-2006:0354\n\n\nThe elfutils packages contain a number of utility programs and libraries\r\nrelated to the creation and maintenance of executable code.\r\n\r\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux 4\r\nwere GPL-licensed versions which lacked some functionality. Previous\r\nupdates provided fully functional versions of elfutils only under the OSL\r\nlicense. This update provides a fully functional, GPL-licensed version of\r\nelfutils. \r\n\r\nIn the OSL-licensed elfutils versions provided in previous updates, some\r\ntools could sometimes crash when given corrupted input files. (CVE-2005-1704)\r\n\r\nAlso, when the eu-strip tool was used to create separate debuginfo files\r\nfrom relocatable objects such as kernel modules (.ko), the resulting\r\ndebuginfo files (.ko.debug) were sometimes corrupted. 
Both of these\r\nproblems are fixed in the new version.\r\n\r\nUsers of elfutils should upgrade to these updated packages, which resolve\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050072.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050073.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050085.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050086.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050087.html\n\n**Affected packages:**\nelfutils\nelfutils-devel\nelfutils-libelf\nelfutils-libelf-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0354", "cvss3": {}, "published": "2006-08-24T00:29:36", "type": "centos", "title": "elfutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2006-08-24T16:54:50", "id": "CESA-2006:0354", "href": "https://lists.centos.org/pipermail/centos-announce/2006-August/050072.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T16:02:11", "description": "**CentOS Errata and Security Advisory** CESA-2005:673\n\n\nBinutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. 
\r\n\r\nIf a user is tricked into processing a specially crafted executable with\r\nutilities such as readelf, size, strings, objdump, or nm, it may allow the\r\nexecution of arbitrary code as the user. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nIn addition, the following bugs have been fixed:\r\n\r\n-- by default issue an error if IA-64 hint@pause instruction is\r\n put into the B slot, add assembler command line switch to\r\n override this behaviour\r\n-- fix linker's --emit-relocs with .gnu.warning.* section symbols\r\n-- fix gprof on 64-bit ppc binaries and libraries\r\n-- fix gas mapping of register names to dwarf2 register numbers\r\n in CFI directives\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049159.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049164.html\n\n**Affected packages:**\nbinutils\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:673", "cvss3": {}, "published": "2005-10-05T16:17:29", "type": "centos", "title": "binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2005-10-06T00:18:00", "id": "CESA-2005:673", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049159.html", "cvss": {"score": 4.6, 
"vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T16:02:20", "description": "**CentOS Errata and Security Advisory** CESA-2005:763-01\n\n\nBinutils is a collection of utilities used for the creation of executable\r\ncode. A number of bugs were found in various binutils tools. \r\n\r\nSeveral integer overflow bugs were found in binutils. If a user is tricked\r\ninto processing a specially crafted executable with utilities such as\r\nreadelf, size, strings, objdump, or nm, it may allow the execution of\r\narbitrary code as the user running the utility. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-1704\r\nto this issue.\r\n\r\nAll users of binutils should upgrade to this updated package, which\r\ncontains backported patches to resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049198.html\n\n**Affected packages:**\nbinutils\n\n", "cvss3": {}, "published": "2005-10-12T00:30:41", "type": "centos", "title": "binutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2005-10-12T00:30:41", "id": "CESA-2005:763-01", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049198.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T15:58:17", "description": "**CentOS Errata and Security Advisory** CESA-2006:0368\n\n\nThe elfutils packages contain a number of 
utility programs and libraries\r\nrelated to the creation and maintenance of executable code.\r\n\r\nThe elfutils packages that originally shipped with Red Hat Enterprise Linux\r\n3 were GPL-licensed versions which lacked some functionality. Previous\r\nupdates provided fully functional versions of elfutils only under the OSL\r\nlicense. This update provides a fully functional, GPL-licensed version of\r\nelfutils. \r\n\r\nIn the OSL-licensed elfutils versions provided in previous updates, some\r\ntools could sometimes crash when given corrupted input files. (CVE-2005-1704)\r\n\r\nAlso, when the eu-strip tool was used to create separate debuginfo files\r\nfrom relocatable objects such as kernel modules (.ko), the resulting\r\ndebuginfo files (.ko.debug) were sometimes corrupted. Both of these\r\nproblems are fixed in the new version.\r\n\r\nUsers of elfutils should upgrade to these updated packages, which resolve\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050014.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-August/050015.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-July/049968.html\nhttps://lists.centos.org/pipermail/centos-announce/2006-July/049970.html\n\n**Affected packages:**\nelfutils\nelfutils-devel\nelfutils-libelf\nelfutils-libelf-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2006:0368", "cvss3": {}, "published": "2006-07-20T15:12:59", "type": "centos", "title": "elfutils security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", 
"authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2006-08-03T14:01:14", "id": "CESA-2006:0368", "href": "https://lists.centos.org/pipermail/centos-announce/2006-July/049968.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-27T16:02:34", "description": "**CentOS Errata and Security Advisory** CESA-2005:801-01\n\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and\r\nother languages by executing them in a controlled fashion, then printing\r\ntheir data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked into\r\nprocessing a specially crafted executable file, it may allow the execution\r\nof arbitrary code as the user running gdb. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe user running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. 
The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nAll users of gdb should upgrade to this updated package, which contains\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049245.html\n\n**Affected packages:**\ngdb\n\n", "cvss3": {}, "published": "2005-10-18T23:35:22", "type": "centos", "title": "gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-10-18T23:35:22", "id": "CESA-2005:801-01", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049245.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T16:02:13", "description": "**CentOS Errata and Security Advisory** CESA-2005:709\n\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\r\nand other languages by executing them in a controlled fashion, then\r\nprinting their data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked\r\ninto processing a specially crafted executable file, it may allow the\r\nexecution of arbitrary code as the user running gdb. The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-1704 to this issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. 
When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe victim running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nThis updated package also addresses the following issues:\r\n\r\n- GDB on ia64 had previously implemented a bug fix to work-around a kernel\r\nproblem when creating a core file via gcore. The bug fix caused a\r\nsignificant slow-down of gcore.\r\n\r\n- GDB on ia64 issued an extraneous warning when gcore was used.\r\n\r\n- GDB on ia64 could not backtrace over a sigaltstack.\r\n\r\n- GDB on ia64 could not successfully do an info frame for a signal trampoline.\r\n\r\n- GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\r\n\r\n- GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\r\n\r\n- GDB could not build with gcc4 when -Werror flag was set.\r\n\r\n- GDB had problems printing inherited members of C++ classes.\r\n\r\n- A few updates from mainline sources concerning Dwarf2 partial die in\r\ncache support, follow-fork support, interrupted syscall support, and\r\nDW_OP_piece read support.\r\n\r\nAll users of gdb should upgrade to this updated package, which resolves\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049162.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049165.html\n\n**Affected packages:**\ngdb\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:709", "cvss3": {}, "published": "2005-10-05T16:20:15", "type": "centos", "title": "gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-10-06T00:18:51", "id": "CESA-2005:709", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049162.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:36:21", "description": "Tavis Ormandy found an integer overflow in the Binary File Descriptor \n(BFD) parser in the GNU debugger. The same vulnerable code is also \npresent in binutils. By tricking an user into processing a specially \ncrafted executable with the binutils tools (strings, objdump, nm, \nreadelf, etc.), an attacker could exploit this to execute arbitrary \ncode with the privileges of the user running the affected program.\n", "cvss3": {}, "published": "2005-05-27T00:00:00", "type": "ubuntu", "title": "binutils vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2005-05-27T00:00:00", "id": "USN-136-1", "href": "https://ubuntu.com/security/notices/USN-136-1", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T13:36:22", "description": "Tavis Ormandy found an integer 
overflow in the GNU debugger. By \ntricking a user into merely loading a specially crafted executable, an \nattacker could exploit this to execute arbitrary code with the \nprivileges of the user running gdb. However, loading untrusted \nbinaries without actually executing them is rather uncommon, so the \nrisk of this flaw is low. (CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file \n\".gdbinit\" in the current directory even if the file belongs to a \ndifferent user. By tricking a user into running gdb in a directory with a \nmalicious .gdbinit file, a local attacker could exploit this to run \narbitrary commands with the privileges of the user invoking gdb. \n(CAN-2005-1705)\n", "cvss3": {}, "published": "2005-05-27T00:00:00", "type": "ubuntu", "title": "gdb vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-05-27T00:00:00", "id": "USN-135-1", "href": "https://ubuntu.com/security/notices/USN-135-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T12:02:14", "description": "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.", "cvss3": {}, "published": "2005-05-24T04:00:00", "type": "cve", "title": 
"CVE-2005-1704", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704"], "modified": "2018-10-19T15:31:00", "cpe": ["cpe:/a:gnu:gdb:6.3"], "id": "CVE-2005-1704", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1704", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:gnu:gdb:6.3:r2:*:*:*:*:*:*"]}]}