RHEL 3 : gdb (RHSA-2007:0469)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated gdb package that fixes a security issue and various bugs is
now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion and then
printing their data.

Various buffer overflows and underflows were found in the DWARF
expression computation stack in GDB. If an attacker could trick a user
into loading an executable containing malicious debugging information
into GDB, they may be able to execute arbitrary code with the
privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues :

* Support on 64-bit hosts shared libraries debuginfo larger than 2GB.

* Fix a race occasionally leaving the detached processes stopped.

* Fix segmentation fault on the source display by ^X 1.

* Fix a crash on an opaque type dereference.

All users of gdb should upgrade to this updated package, which
contains backported patches to resolve these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2006-4146.html
http://rhn.redhat.com/errata/RHSA-2007-0469.html

Solution :

Update the affected gdb package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 25481 ()

Bugtraq ID:

CVE ID: CVE-2006-4146