Joined: 12 May 2004
|Posted: Fri May 20, 2005 1:13 pm Post subject: [ GLSA 200505-15 ] gdb: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: gdb: Multiple vulnerabilities (GLSA 200505-15)
Date: May 20, 2005
Updated: May 22, 2006
Bug(s): #88398, #91398, #91654
Multiple vulnerabilities have been discovered in the GNU debugger, potentially allowing the execution of arbitrary code.
gdb is the GNU project's debugger, facilitating the analysis and debugging of applications. The BFD library provides a uniform method of accessing a variety of object file formats.
Vulnerable: < 6.3-r3
Unaffected: >= 6.3-r3
Architectures: All supported architectures
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.
Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
There is no known workaround at this time.
All gdb users should upgrade to the latest stable version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-devel/gdb-6.3-r3"
Last edited by GLSA on Tue Oct 23, 2007 4:17 am; edited 4 times in total