ID CVE-2005-1705
Summary gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
References
Vulnerable Configurations
  • cpe:2.3:a:gnu:gdb:6.3:r2
CVSS
Base: 7.2 (as of 25-05-2005 - 15:22)
Impact:
Exploitability:
Access
  Vector          LOCAL
  Complexity      LOW
  Authentication  NONE
Impact
  Confidentiality COMPLETE
  Integrity       COMPLETE
  Availability    COMPLETE
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-135-1.NASL
    description Tavis Ormandy found an integer overflow in the GNU debugger. By tricking a user into merely loading a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low. (CAN-2005-1704)
    Tavis Ormandy also discovered that gdb loads and executes the file '.gdbinit' in the current directory even if the file belongs to a different user. By tricking a user into running gdb in a directory with a malicious .gdbinit file, a local attacker could exploit this to run arbitrary commands with the privileges of the user invoking gdb. (CAN-2005-1705)
    Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-01
    plugin id 20526
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20526
    title Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-709.NASL
    description An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
    GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.
    Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.
    A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.
    This updated package also addresses the following issues:
      - GDB on ia64 had previously implemented a bug fix to work around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.
      - GDB on ia64 issued an extraneous warning when gcore was used.
      - GDB on ia64 could not backtrace over a sigaltstack.
      - GDB on ia64 could not successfully do an info frame for a signal trampoline.
      - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.
      - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.
      - GDB could not build with gcc4 when the -Werror flag was set.
      - GDB had problems printing inherited members of C++ classes.
      - A few updates from mainline sources concerning Dwarf2 partial DIE in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.
    All users of gdb should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19994
    published 2005-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19994
    title RHEL 4 : gdb (RHSA-2005:709)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200505-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-200505-15 (gdb: Multiple vulnerabilities). Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory.
    Impact: Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands.
    Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 18379
    published 2005-05-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18379
    title GLSA-200505-15 : gdb: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-095.NASL
    description Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705). The updated packages have been patched to correct these problems.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18404
    published 2005-05-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18404
    title Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-801.NASL
    description An updated gdb package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
    GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.
    Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.
    A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the user running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.
    All users of gdb should upgrade to this updated package, which contains backported patches that resolve these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 20059
    published 2005-10-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20059
    title RHEL 2.1 : gdb (RHSA-2005:801)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-709.NASL
    description An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
    GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data.
    Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue.
    A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue.
    This updated package also addresses the following issues:
      - GDB on ia64 had previously implemented a bug fix to work around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore.
      - GDB on ia64 issued an extraneous warning when gcore was used.
      - GDB on ia64 could not backtrace over a sigaltstack.
      - GDB on ia64 could not successfully do an info frame for a signal trampoline.
      - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process.
      - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints.
      - GDB could not build with gcc4 when the -Werror flag was set.
      - GDB had problems printing inherited members of C++ classes.
      - A few updates from mainline sources concerning Dwarf2 partial DIE in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support.
    All users of gdb should upgrade to this updated package, which resolves these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 67033
    published 2013-06-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67033
    title CentOS 4 : gdb (CESA-2005:709)
oval via4
accepted 2013-04-29T04:11:17.497-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
family unix
id oval:org.mitre.oval:def:11072
status accepted
submitted 2010-07-09T03:56:16-04:00
title gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
version 23
redhat via4
advisories
  • rhsa
    id RHSA-2005:709
  • rhsa
    id RHSA-2005:801
refmap via4
confirm
gentoo GLSA-200505-15
mandrake MDKSA-2005:095
secunia
  • 17072
  • 17356
  • 18506
statements via4
contributor Mark J Cox
lastmodified 2007-03-14
organization Red Hat
statement Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Last major update 07-12-2016 - 22:00
Published 24-05-2005 - 00:00
Last modified 10-10-2017 - 21:30