GDB BFD Library Local Overflow

2005-05-20T07:42:28
ID OSVDB:16757
Type osvdb
Reporter Tavis Ormandy(taviso@google.com)
Modified 2005-05-20T07:42:28

Description

Vulnerability Description

A local overflow exists in in GDB, the GNU debugger. The BFD library contains an integer overflow which can result in a heap overflow. With a specially crafted file, an attacker can cause escalated privileges resulting in a loss of confidentiality.

Solution Description

Upgrade to version 6.3-r3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in in GDB, the GNU debugger. The BFD library contains an integer overflow which can result in a heap overflow. With a specially crafted file, an attacker can cause escalated privileges resulting in a loss of confidentiality.

References:

Vendor Specific Advisory URL Secunia Advisory ID:15449 Secunia Advisory ID:15467 Secunia Advisory ID:15575 Secunia Advisory ID:15565 Related OSVDB ID: 16351 Related OSVDB ID: 16758 Other Solution URL: http://bugs.gentoo.org/attachment.cgi?id=58482&action=view Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml Other Advisory URL: http://security.gentoo.org/glsa/glsa-200505-15.xml Other Advisory URL: http://www.trustix.org/errata/2005/0025/ Generic Exploit URL: http://bugs.gentoo.org/attachment.cgi?id=57996