Oracle Linux 3 : gdb (ELSA-2007-0469)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Oracle Linux host is missing a security update.

Description :

From Red Hat Security Advisory 2007:0469 :

An updated gdb package that fixes a security issue and various bugs is
now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion and then
printing their data.

Various buffer overflows and underflows were found in the DWARF
expression computation stack in GDB. If an attacker could trick a user
into loading an executable containing malicious debugging information
into GDB, they may be able to execute arbitrary code with the
privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues :

* Support on 64-bit hosts shared libraries debuginfo larger than 2GB.

* Fix a race occasionally leaving the detached processes stopped.

* Fix segmentation fault on the source display by ^X 1.

* Fix a crash on an opaque type dereference.

All users of gdb should upgrade to this updated package, which
contains backported patches to resolve these issues.

See also :

https://oss.oracle.com/pipermail/el-errata/2007-June/000182.html

Solution :

Update the affected gdb package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: Oracle Linux Local Security Checks

Nessus Plugin ID: 67518 ()

Bugtraq ID:

CVE ID: CVE-2006-4146