MDKSA-2005:095

Package name

gdb

Date

2005-05-30

Advisory ID

MDKSA-2005:095

Affected versions

10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilites in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CAN-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CAN-2005-1705). The updated packages have been patched to correct these problems.

Updated packages

10.2 x86_64

 2df9adbbcd385b9c5e2dc514cb3885ad  x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm
ae742ac4e532252f83f8c7aff810d811  x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

CS2.1 x86_64

 b641cd3e7e43ccfcb9d9aa5a88651863  x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm
c58ff8886c0762bb8f685f07bb97fef8  x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

10.0 amd64

 9beb409470d2b5767c1cee9dabf19aec  amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm
a66ca0ba26db821f6cd6b2a962164b89  amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

10.2 i586

 9984dc6334cd1ea0ef1f1e9304ad3722  10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm
ae742ac4e532252f83f8c7aff810d811  10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

10.1 i586

 f709e9355a954210f9791cdaa136d123  10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm
4ccb813e4b0ee7499c45dcfc5aa5c7e8  10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

10.0 i586

 3a50223904d8735180a6e6d1367adebe  10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm
a66ca0ba26db821f6cd6b2a962164b89  10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

CS3.0 x86_64

 95087b0e2e5d27c4ac30b881bf12ee42  x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm
3136e4376e69c88876b56dd152b291d5  x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

CS3.0 i586

 2cfaab7e4ee44d4b8122165a0540c6ad  corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm
3136e4376e69c88876b56dd152b291d5  corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

CS2.1 i586

 b4f7eaa06d432f1dbd7b714249f518fd  corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm
c58ff8886c0762bb8f685f07bb97fef8  corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

10.1 x86_64

 dde6afb0ef27339bd81a9d9ae195151e  x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm
4ccb813e4b0ee7499c45dcfc5aa5c7e8  x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1705