RHEL 3 : gdb (RHSA-2007:0469)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated gdb package that fixes a security issue and various bugs is
now available.

This update has been rated as having low security impact by the Red
Hat Security Response Team.

GDB, the GNU debugger, allows debugging of programs written in C, C++,
and other languages by executing them in a controlled fashion and then
printing their data.

Various buffer overflows and underflows were found in the DWARF
expression computation stack in GDB. If an attacker could trick a user
into loading an executable containing malicious debugging information
into GDB, they may be able to execute arbitrary code with the
privileges of the user. (CVE-2006-4146)

This updated package also addresses the following issues :

* Support shared library debuginfo larger than 2GB on 64-bit hosts.

* Fix a race occasionally leaving the detached processes stopped.

* Fix a segmentation fault in the source display triggered by ^X 1.

* Fix a crash on an opaque type dereference.

All users of gdb should upgrade to this updated package, which
contains backported patches to resolve these issues.

Solution :

Update the affected gdb package.

Risk factor :

Medium / CVSS Base Score : 5.1

Family: Red Hat Local Security Checks

Nessus Plugin ID: 25481

CVE ID: CVE-2006-4146
