Veracode Vulnerability DatabaseVERACODE:11154Privilege Escalation
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
gdb is vulnerable to privilege escalation attacks. The vulnerability exists as GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gdb | eq | 7.1__29.el6 | |
| gdb | eq | 7.2__48.el6 | |
| gdb | eq | 7.1__29.el6_0.1 | |
| gdb | eq | 7.2__50.el6 | |
| gdb | eq | 7.2__56.el6 | |
| gdb | eq | 7.1__29.el6 | |
| gdb | eq | 7.2__48.el6 | |
| gdb | eq | 7.1__29.el6_0.1 | |
| gdb | eq | 7.2__50.el6 | |
| gdb | eq | 7.2__56.el6 |
References
rhn.redhat.com/errata/RHSA-2013-0522.html
sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading-safe-path.html#Auto_002dloading-safe-path
sourceware.org/gdb/current/onlinedocs/gdb/Auto_002dloading.html#Auto_002dloading
sourceware.org/ml/gdb-patches/2011-04/msg00559.html
sourceware.org/ml/gdb-patches/2011-05/msg00202.html
www.securitytracker.com/id/1028191
access.redhat.com/errata/RHSA-2013:0522
access.redhat.com/security/cve/CVE-2011-4355
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=703238
bugzilla.redhat.com/show_bug.cgi?id=811648
bugzilla.redhat.com/show_bug.cgi?id=836966
rhn.redhat.com/errata/RHSA-2013-0522.html
Related
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C