RHEL 2.1 : gdb (RHSA-2005:801)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated gdb package that fixes minor security issues is now
available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion, then
printing their data.

Several integer overflow bugs were found in gdb. If a user is tricked
into processing a specially crafted executable file, it may allow the
execution of arbitrary code as the user running gdb. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-1704 to this issue.

A bug was found in the way gdb loads .gdbinit files. When a user
executes gdb, the local directory is searched for a .gdbinit file
which is then loaded. It is possible for a local user to execute
arbitrary commands as the user running gdb by placing a malicious
.gdbinit file in a location where gdb may be run. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2005-1705 to this issue.

All users of gdb should upgrade to this updated package, which
contains backported patches that resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-1704.html
https://www.redhat.com/security/data/cve/CVE-2005-1705.html
http://rhn.redhat.com/errata/RHSA-2005-801.html

Solution :

Update the affected gdb package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 20059 ()

Bugtraq ID:

CVE ID: CVE-2005-1704
CVE-2005-1705