Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)

2005-05-31T00:00:00
ID MANDRAKE_MDKSA-2005-095.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704).

He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705).

The updated packages have been patched to correct these problems.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:095. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(18404);
  script_version ("1.18");
  script_cvs_date("Date: 2018/07/19 20:59:13");

  script_cve_id("CVE-2005-1704", "CVE-2005-1705");
  script_xref(name:"MDKSA", value:"2005:095");

  script_name(english:"Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two
vulnerabilities in the GNU debugger. The first allows an attacker to
execute arbitrary code with the privileges of the user running gdb if
they can trick the user into loading a specially crafted executable
(CVE-2005-1704).

He also discovered that gdb loads and executes the file .gdbinit in
the current directory even if the file belongs to a different user. If
a user can be tricked into running gdb in a directory with a malicious
.gdbinit file, a local attacker can exploit this to run arbitrary
commands with the privileges of the user running gdb (CVE-2005-1705).

The updated packages have been patched to correct these problems."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gdb package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdb");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/05/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.0", reference:"gdb-6.0-2.1.100mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.1", reference:"gdb-6.2-2.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"gdb-6.3-3.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");