Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two
vulnerabilities in the GNU debugger. The first allows an attacker to
execute arbitrary code with the privileges of the user running gdb if
they can trick the user into loading a specially crafted executable
(CVE-2005-1704).

He also discovered that gdb loads and executes the file .gdbinit in
the current directory even if the file belongs to a different user. If
a user can be tricked into running gdb in a directory with a malicious
.gdbinit file, a local attacker can exploit this to run arbitrary
commands with the privileges of the user running gdb (CVE-2005-1705).

The updated packages have been patched to correct these problems.
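
As an added illustration (not part of the advisory or of the Nessus plugin), the following pre-flight check reports when a .gdbinit in the working directory belongs to a different user, the condition behind CVE-2005-1705. The function name `gdbinit_findings` is hypothetical, and the group/other-writable test goes beyond what the advisory describes.

```python
import os
import stat
import tempfile


def gdbinit_findings(directory=".", uid=None):
    """Return reasons why <directory>/.gdbinit should not be trusted.

    An empty list means there is no .gdbinit or it passed every check.
    uid defaults to the invoking user; it is a parameter so the foreign-owner
    case can be exercised without root.
    """
    uid = os.getuid() if uid is None else uid
    path = os.path.join(directory, ".gdbinit")
    try:
        st = os.stat(path)  # follows symlinks: judge the file that would be read
    except FileNotFoundError:
        return []
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != uid:
        # The advisory's case: the file belongs to a different user.
        findings.append(f"owned by uid {st.st_uid}, not uid {uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Extra check (assumption, not from the advisory): others can edit it.
        findings.append("writable by group or others")
    return findings


if __name__ == "__main__":
    # Constructed sample: a scratch directory holding a harmless .gdbinit.
    with tempfile.TemporaryDirectory() as workdir:
        init = os.path.join(workdir, ".gdbinit")
        with open(init, "w") as fh:
            fh.write("# constructed sample file\n")
        os.chmod(init, 0o644)
        owner = os.stat(init).st_uid
        print("as owner:     ", gdbinit_findings(workdir, uid=owner))
        print("as other user:", gdbinit_findings(workdir, uid=owner + 1))
        os.chmod(init, 0o666)
        print("after chmod:  ", gdbinit_findings(workdir, uid=owner))
```

When the check reports a finding, gdb can be started with `-nx`, which skips .gdbinit files altogether.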

Solution :

Update the affected gdb package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 18404 (mandrake_MDKSA-2005-095.nasl)

Bugtraq ID:

CVE ID: CVE-2005-1704, CVE-2005-1705
