CVE-2005-1705

2005-05-24T00:00:00

Description

gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.

Affected Package

OS	OS Version	Package Name	Package Version
ubuntu	Upstream	gdb	any
ubuntu	Upstream	gdb-doc	any

{"id": "UB:CVE-2005-1705", "vendorId": null, "type": "ubuntucve", "bulletinFamily": "info", "title": "CVE-2005-1705", "description": "gdb before 6.3 searches the current working directory to load the .gdbinit\nconfiguration file, which allows local users to execute arbitrary commands\nas the user running gdb.", "published": "2005-05-24T00:00:00", "modified": "2005-05-24T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://ubuntu.com/security/CVE-2005-1705", "reporter": "ubuntu.com", "references": ["https://ubuntu.com/security/notices/USN-135-1", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705", "https://nvd.nist.gov/vuln/detail/CVE-2005-1705", "https://launchpad.net/bugs/cve/CVE-2005-1705", "https://security-tracker.debian.org/tracker/CVE-2005-1705"], "cvelist": ["CVE-2005-1705"], "immutableFields": [], "lastseen": "2021-11-22T22:04:17", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2005:709", "CESA-2005:801-01"]}, {"type": "cve", "idList": ["CVE-2005-1705"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2005-1705"]}, {"type": "gentoo", "idList": ["GLSA-200505-15"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/LINUXRPM-RHSA-2005-709/", "MSF:ILITIES/LINUXRPM-RHSA-2005-801/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2005-709.NASL", "GENTOO_GLSA-200505-15.NASL", "MANDRAKE_MDKSA-2005-095.NASL", "REDHAT-RHSA-2005-709.NASL", "REDHAT-RHSA-2005-801.NASL", "UBUNTU_USN-135-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54947"]}, {"type": "redhat", "idList": ["RHSA-2005:709", "RHSA-2005:801"]}, {"type": "ubuntu", "idList": ["USN-135-1"]}], "rev": 4}, "score": {"value": 5.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2005:709", "CESA-2005:801-01"]}, {"type": "cve", "idList": ["CVE-2005-1705"]}, {"type": "gentoo", "idList": ["GLSA-200505-15"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2005-801.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:54947"]}, {"type": "redhat", "idList": ["RHSA-2005:709"]}, {"type": "ubuntu", "idList": ["USN-135-1"]}]}, "exploitation": null, "vulnersScore": 5.6}, "affectedPackage": [{"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gdb"}, {"OS": "ubuntu", "OSVersion": "Upstream", "arch": "noarch", "packageVersion": "any", "packageFilename": "UNKNOWN", "operator": "lt", "status": "needs triage", "packageName": "gdb-doc"}], "bugs": [], "_state": {"dependencies": 1646567252}}

{"cve": [{"lastseen": "2022-03-23T12:02:15", "description": "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.", "cvss3": {}, "published": "2005-05-24T04:00:00", "type": "cve", "title": "CVE-2005-1705", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1705"], "modified": "2017-10-11T01:30:00", "cpe": ["cpe:/a:gnu:gdb:6.3"], "id": "CVE-2005-1705", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1705", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:gnu:gdb:6.3:r2:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2022-06-23T02:05:10", "description": "gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.", "cvss3": {}, "published": "2005-05-24T04:00:00", "type": "debiancve", "title": "CVE-2005-1705", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1705"], "modified": "2005-05-24T04:00:00", "id": "DEBIANCVE:CVE-2005-1705", "href": "https://security-tracker.debian.org/tracker/CVE-2005-1705", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T13:17:20", "description": "Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704).\n\nHe also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705).\n\nThe updated packages have been patched to correct these problems.", "cvss3": {"score": null, "vector": null}, "published": "2005-05-31T00:00:00", "type": "nessus", "title": "Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gdb", "cpe:/o:mandrakesoft:mandrake_linux:10.0", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005"], "id": "MANDRAKE_MDKSA-2005-095.NASL", "href": "https://www.tenable.com/plugins/nessus/18404", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:095. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18404);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"MDKSA\", value:\"2005:095\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandrake Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two\nvulnerabilities in the GNU debugger. The first allows an attacker to\nexecute arbitrary code with the privileges of the user running gdb if\nthey can trick the user into loading a specially crafted executable\n(CVE-2005-1704).\n\nHe also discovered that gdb loads and executes the file .gdbinit in\nthe current directory even if the file belongs to a different user. If\na user can be tricked into running gdb in a directory with a malicious\n.gdbinit file, a local attacker can exploit this to run arbitrary\ncommands with the privileges of the user running gdb (CVE-2005-1705).\n\nThe updated packages have been patched to correct these problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"gdb-6.0-2.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"gdb-6.2-2.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"gdb-6.3-3.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:16:30", "description": "An updated gdb package that fixes minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the user running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nAll users of gdb should upgrade to this updated package, which contains backported patches that resolve these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-19T00:00:00", "type": "nessus", "title": "RHEL 2.1 : gdb (RHSA-2005:801)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gdb", "cpe:/o:redhat:enterprise_linux:2.1"], "id": "REDHAT-RHSA-2005-801.NASL", "href": "https://www.tenable.com/plugins/nessus/20059", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:801. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20059);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:801\");\n\n script_name(english:\"RHEL 2.1 : gdb (RHSA-2005:801)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes minor security issues is now\navailable.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the user running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nAll users of gdb should upgrade to this updated package, which\ncontains backported patches that resolve these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:801\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:801\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gdb-5.3.90-0.20030710.41.2.4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:17:19", "description": "The remote host is affected by the vulnerability described in GLSA-200505-15 (gdb: Multiple vulnerabilities)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.\n Impact :\n\n Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"score": null, "vector": null}, "published": "2005-05-28T00:00:00", "type": "nessus", "title": "GLSA-200505-15 : gdb: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gdb", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200505-15.NASL", "href": "https://www.tenable.com/plugins/nessus/18379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200505-15.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(18379);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"GLSA\", value:\"200505-15\");\n\n script_name(english:\"GLSA-200505-15 : gdb: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200505-15\n(gdb: Multiple vulnerabilities)\n\n Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an\n integer overflow in the BFD library, resulting in a heap overflow. A\n review also showed that by default, gdb insecurely sources\n initialisation files from the working directory.\n \nImpact :\n\n Successful exploitation would result in the execution of arbitrary code\n on loading a specially crafted object file or the execution of\n arbitrary commands.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200505-15\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All gdb users should upgrade to the latest stable version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/gdb-6.3-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"sys-devel/gdb\", unaffected:make_list(\"ge 6.3-r3\"), vulnerable:make_list(\"lt 6.3-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:37:28", "description": "This is an fc3 update for gdb regarding security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect against heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.1post-1.20040607.43.0.1\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-28T00:00:00", "type": "nessus", "title": "Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdb", "p-cpe:/a:fedoraproject:fedora:gdb-debuginfo", "cpe:/o:fedoraproject:fedora_core:3"], "id": "FEDORA_2005-1032.NASL", "href": "https://www.tenable.com/plugins/nessus/20100", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1032.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20100);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-1032\");\n\n script_name(english:\"Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an fc3 update for gdb regarding security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect\nagainst heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary\ncommands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.1post-1.20040607.43.0.1\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001520.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d88de56d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdb and / or gdb-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"gdb-6.1post-1.20040607.43.0.1\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gdb-debuginfo-6.1post-1.20040607.43.0.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb / gdb-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T13:16:30", "description": "An updated gdb package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++ classes.\n\n - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.\n\nAll users of gdb should upgrade to this updated package, which resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2005-10-11T00:00:00", "type": "nessus", "title": "RHEL 4 : gdb (RHSA-2005:709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gdb", "cpe:/o:redhat:enterprise_linux:4"], "id": "REDHAT-RHSA-2005-709.NASL", "href": "https://www.tenable.com/plugins/nessus/19994", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:709. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19994);\n script_version(\"1.25\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:709\");\n\n script_name(english:\"RHEL 4 : gdb (RHSA-2005:709)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the victim running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to\n work-around a kernel problem when creating a core file\n via gcore. The bug fix caused a significant slow-down of\n gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was\n used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for\n a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a\n 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling\n threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++\n classes.\n\n - A few updates from mainline sources concerning Dwarf2\n partial die in cache support, follow-fork support,\n interrupted syscall support, and DW_OP_piece read\n support.\n\nAll users of gdb should upgrade to this updated package, which\nresolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1704\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:709\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:709\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL4\", reference:\"gdb-6.3.0.0-1.63\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T13:16:17", "description": "Tavis Ormandy found an integer overflow in the GNU debugger. By tricking an user into merely load a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low. (CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file '.gdbinit' in the current directory even if the file belongs to a different user. By tricking an user into run gdb in a directory with a malicious .gdbinit file, a local attacker could exploit this to run arbitrary commands with the privileges of the user invoking gdb.\n(CAN-2005-1705).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": null, "vector": null}, "published": "2006-01-15T00:00:00", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gdb", "cpe:/o:canonical:ubuntu_linux:4.10", "cpe:/o:canonical:ubuntu_linux:5.04"], "id": "UBUNTU_USN-135-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20526", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-135-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20526);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"USN\", value:\"135-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tavis Ormandy found an integer overflow in the GNU debugger. By\ntricking an user into merely load a specially crafted executable, an\nattacker could exploit this to execute arbitrary code with the\nprivileges of the user running gdb. However, loading untrusted\nbinaries without actually executing them is rather uncommon, so the\nrisk of this flaw is low. (CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file\n'.gdbinit' in the current directory even if the file belongs to a\ndifferent user. By tricking an user into run gdb in a directory with a\nmalicious .gdbinit file, a local attacker could exploit this to run\narbitrary commands with the privileges of the user invoking gdb.\n(CAN-2005-1705).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"gdb\", pkgver:\"6.1-3ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gdb\", pkgver:\"6.3-5ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-03-27T14:36:52", "description": "This is an fc4 update for gdb that includes security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect against heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary commands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.3.0.0-1.84\n\nThis release also contains some additional fixes from the last update.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2005-10-28T00:00:00", "type": "nessus", "title": "Fedora Core 4 : gdb-6.3.0.0-1.84 (2005-1033)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gdb", "p-cpe:/a:fedoraproject:fedora:gdb-debuginfo", "cpe:/o:fedoraproject:fedora_core:4"], "id": "FEDORA_2005-1033.NASL", "href": "https://www.tenable.com/plugins/nessus/20101", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-1033.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(20101);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_xref(name:\"FEDORA\", value:\"2005-1033\");\n\n script_name(english:\"Fedora Core 4 : gdb-6.3.0.0-1.84 (2005-1033)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This is an fc4 update for gdb that includes security issues :\n\nCVE-2005-1704 Integer Overflow in gdb\n\nThis problem is that gdb's internal copy of bfd does not protect\nagainst heap-based overflow.\n\nCVE-2005-1705 gdb arbitrary command execution\n\nThis problem allows unprotected .gdbinit files to execute arbitrary\ncommands during gdb startup.\n\nFixes for both problems are found in :\n\ngdb-6.3.0.0-1.84\n\nThis release also contains some additional fixes from the last update.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-October/001522.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?55e6a187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gdb and / or gdb-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gdb-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/10/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 4.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC4\", reference:\"gdb-6.3.0.0-1.84\")) flag++;\nif (rpm_check(release:\"FC4\", reference:\"gdb-debuginfo-6.3.0.0-1.84\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb / gdb-debuginfo\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:53:57", "description": "An updated gdb package that fixes several bugs and minor security issues is now available.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++ classes.\n\n - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.\n\nAll users of gdb should upgrade to this updated package, which resolves these issues.", "cvss3": {"score": null, "vector": null}, "published": "2013-06-29T00:00:00", "type": "nessus", "title": "CentOS 4 : gdb (CESA-2005:709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gdb", "cpe:/o:centos:centos:4"], "id": "CENTOS_RHSA-2005-709.NASL", "href": "https://www.tenable.com/plugins/nessus/67033", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:709 and \n# CentOS Errata and Security Advisory 2005:709 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(67033);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2005-1704\", \"CVE-2005-1705\");\n script_xref(name:\"RHSA\", value:\"2005:709\");\n\n script_name(english:\"CentOS 4 : gdb (CESA-2005:709)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gdb package that fixes several bugs and minor security\nissues is now available.\n\nThis update has been rated as having low security impact by the Red\nHat Security Response Team.\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\nand other languages by executing them in a controlled fashion, then\nprinting their data.\n\nSeveral integer overflow bugs were found in gdb. If a user is tricked\ninto processing a specially crafted executable file, it may allow the\nexecution of arbitrary code as the user running gdb. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1704 to this issue.\n\nA bug was found in the way gdb loads .gdbinit files. When a user\nexecutes gdb, the local directory is searched for a .gdbinit file\nwhich is then loaded. It is possible for a local user to execute\narbitrary commands as the victim running gdb by placing a malicious\n.gdbinit file in a location where gdb may be run. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the\nname CVE-2005-1705 to this issue.\n\nThis updated package also addresses the following issues :\n\n - GDB on ia64 had previously implemented a bug fix to\n work-around a kernel problem when creating a core file\n via gcore. The bug fix caused a significant slow-down of\n gcore.\n\n - GDB on ia64 issued an extraneous warning when gcore was\n used.\n\n - GDB on ia64 could not backtrace over a sigaltstack.\n\n - GDB on ia64 could not successfully do an info frame for\n a signal trampoline.\n\n - GDB on AMD64 and Intel EM64T had problems attaching to a\n 32-bit process.\n\n - GDB on AMD64 and Intel EM64T was not properly handling\n threaded watchpoints.\n\n - GDB could not build with gcc4 when -Werror flag was set.\n\n - GDB had problems printing inherited members of C++\n classes.\n\n - A few updates from mainline sources concerning Dwarf2\n partial die in cache support, follow-fork support,\n interrupted syscall support, and DW_OP_piece read\n support.\n\nAll users of gdb should upgrade to this updated package, which\nresolves these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-October/012243.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26127f72\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gdb package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gdb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/06/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^4([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 4.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-4\", cpu:\"ia64\", reference:\"gdb-6.3.0.0-1.63\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gdb\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2022-02-27T16:02:34", "description": "**CentOS Errata and Security Advisory** CESA-2005:801-01\n\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++, and\r\nother languages by executing them in a controlled fashion, then printing\r\ntheir data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked into\r\nprocessing a specially crafted executable file, it may allow the execution\r\nof arbitrary code as the user running gdb. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe user running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nAll users of gdb should upgrade to this updated package, which contains\r\nbackported patches that resolve these issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049245.html\n\n**Affected packages:**\ngdb\n\n", "cvss3": {}, "published": "2005-10-18T23:35:22", "type": "centos", "title": "gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-10-18T23:35:22", "id": "CESA-2005:801-01", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049245.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-27T16:02:13", "description": "**CentOS Errata and Security Advisory** CESA-2005:709\n\n\nGDB, the GNU debugger, allows debugging of programs written in C, C++,\r\nand other languages by executing them in a controlled fashion, then\r\nprinting their data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked\r\ninto processing a specially crafted executable file, it may allow the\r\nexecution of arbitrary code as the user running gdb. The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-1704 to this issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe victim running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nThis updated package also addresses the following issues:\r\n\r\n- GDB on ia64 had previously implemented a bug fix to work-around a kernel\r\nproblem when creating a core file via gcore. The bug fix caused a\r\nsignificant slow-down of gcore.\r\n\r\n- GDB on ia64 issued an extraneous warning when gcore was used.\r\n\r\n- GDB on ia64 could not backtrace over a sigaltstack.\r\n\r\n- GDB on ia64 could not successfully do an info frame for a signal trampoline.\r\n\r\n- GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\r\n\r\n- GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\r\n\r\n- GDB could not build with gcc4 when -Werror flag was set.\r\n\r\n- GDB had problems printing inherited members of C++ classes.\r\n\r\n- A few updates from mainline sources concerning Dwarf2 partial die in\r\ncache support, follow-fork support, interrupted syscall support, and\r\nDW_OP_piece read support.\r\n\r\nAll users of gdb should upgrade to this updated package, which resolves\r\nthese issues.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049162.html\nhttps://lists.centos.org/pipermail/centos-announce/2005-October/049165.html\n\n**Affected packages:**\ngdb\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2005:709", "cvss3": {}, "published": "2005-10-05T16:20:15", "type": "centos", "title": "gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-10-06T00:18:51", "id": "CESA-2005:709", "href": "https://lists.centos.org/pipermail/centos-announce/2005-October/049162.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:19:00", "description": "### Background\n\ngdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats. \n\n### Description\n\nTavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory. \n\n### Impact\n\nSuccessful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll gdb users should upgrade to the latest stable version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-devel/gdb-6.3-r3\"", "cvss3": {}, "published": "2005-05-20T00:00:00", "type": "gentoo", "title": "gdb: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2006-05-22T00:00:00", "id": "GLSA-200505-15", "href": "https://security.gentoo.org/glsa/200505-15", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2017-07-24T12:49:48", "description": "The remote host is missing updates announced in\nadvisory GLSA 200505-15.", "cvss3": {}, "published": "2008-09-24T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200505-15 (gdb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2005-1705", "CVE-2005-1704"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:54947", "href": "http://plugins.openvas.org/nasl.php?oid=54947", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been discovered in the GNU debugger,\npotentially allowing the execution of arbitrary code.\";\ntag_solution = \"All gdb users should upgrade to the latest stable version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=sys-devel/gdb-6.3-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-15\nhttp://bugs.gentoo.org/show_bug.cgi?id=88398\nhttp://bugs.gentoo.org/show_bug.cgi?id=91398\nhttp://bugs.gentoo.org/show_bug.cgi?id=91654\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200505-15.\";\n\n \n\nif(description)\n{\n script_id(54947);\n script_cve_id(\"CVE-2005-1704\",\"CVE-2005-1705\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo Security Advisory GLSA 200505-15 (gdb)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"sys-devel/gdb\", unaffected: make_list(\"ge 6.3-r3\"), vulnerable: make_list(\"lt 6.3-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-21T04:42:45", "description": "GDB, the GNU debugger, allows debugging of programs written in C, C++, and\r\nother languages by executing them in a controlled fashion, then printing\r\ntheir data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked into\r\nprocessing a specially crafted executable file, it may allow the execution\r\nof arbitrary code as the user running gdb. The Common Vulnerabilities and\r\nExposures project (cve.mitre.org) has assigned the name CAN-2005-1704 to\r\nthis issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe user running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nAll users of gdb should upgrade to this updated package, which contains\r\nbackported patches that resolve these issues.", "cvss3": {}, "published": "2005-10-18T00:00:00", "type": "redhat", "title": "(RHSA-2005:801) gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2018-03-14T15:26:06", "id": "RHSA-2005:801", "href": "https://access.redhat.com/errata/RHSA-2005:801", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-21T04:44:05", "description": "GDB, the GNU debugger, allows debugging of programs written in C, C++,\r\nand other languages by executing them in a controlled fashion, then\r\nprinting their data.\r\n\r\nSeveral integer overflow bugs were found in gdb. If a user is tricked\r\ninto processing a specially crafted executable file, it may allow the\r\nexecution of arbitrary code as the user running gdb. The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-1704 to this issue.\r\n\r\nA bug was found in the way gdb loads .gdbinit files. When a user executes\r\ngdb, the local directory is searched for a .gdbinit file which is then\r\nloaded. It is possible for a local user to execute arbitrary commands as\r\nthe victim running gdb by placing a malicious .gdbinit file in a location\r\nwhere gdb may be run. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-1705 to this issue.\r\n\r\nThis updated package also addresses the following issues:\r\n\r\n- GDB on ia64 had previously implemented a bug fix to work-around a kernel\r\nproblem when creating a core file via gcore. The bug fix caused a\r\nsignificant slow-down of gcore.\r\n\r\n- GDB on ia64 issued an extraneous warning when gcore was used.\r\n\r\n- GDB on ia64 could not backtrace over a sigaltstack.\r\n\r\n- GDB on ia64 could not successfully do an info frame for a signal trampoline.\r\n\r\n- GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.\r\n\r\n- GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.\r\n\r\n- GDB could not build with gcc4 when -Werror flag was set.\r\n\r\n- GDB had problems printing inherited members of C++ classes.\r\n\r\n- A few updates from mainline sources concerning Dwarf2 partial die in\r\ncache support, follow-fork support, interrupted syscall support, and\r\nDW_OP_piece read support.\r\n\r\nAll users of gdb should upgrade to this updated package, which resolves\r\nthese issues.", "cvss3": {}, "published": "2005-10-05T00:00:00", "type": "redhat", "title": "(RHSA-2005:709) gdb security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2017-09-08T08:10:13", "id": "RHSA-2005:709", "href": "https://access.redhat.com/errata/RHSA-2005:709", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T13:36:22", "description": "Tavis Ormandy found an integer overflow in the GNU debugger. By \ntricking an user into merely load a specially crafted executable, an \nattacker could exploit this to execute arbitrary code with the \nprivileges of the user running gdb. However, loading untrusted \nbinaries without actually executing them is rather uncommon, so the \nrisk of this flaw is low. (CAN-2005-1704)\n\nTavis Ormandy also discovered that gdb loads and executes the file \n\".gdbinit\" in the current directory even if the file belongs to a \ndifferent user. By tricking an user into run gdb in a directory with a \nmalicious .gdbinit file, a local attacker could exploit this to run \narbitrary commands with the privileges of the user invoking gdb. \n(CAN-2005-1705)\n", "cvss3": {}, "published": "2005-05-27T00:00:00", "type": "ubuntu", "title": "gdb vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2005-1704", "CVE-2005-1705"], "modified": "2005-05-27T00:00:00", "id": "USN-135-1", "href": "https://ubuntu.com/security/notices/USN-135-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}

CVE-2005-1705

Description

Affected Package

Related