Vulnerabilities > CVE-2005-1704 - Numeric Errors vulnerability in GNU GDB

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

gnu

CWE-189

nessus

NVD

Published: 2005-05-24

Updated: 2018-10-19

Summary

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU GDB *	1

Common Weakness Enumeration (CWE)

CWE-189 - Numeric Errors

Nessus

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-095.NASL
description	Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705). The updated packages have been patched to correct these problems.
last seen	2020-06-01
modified	2020-06-02
plugin id	18404
published	2005-05-31
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18404
title	Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2005:095. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(18404); script_version ("1.19"); script_cvs_date("Date: 2019/08/02 13:32:47"); script_cve_id("CVE-2005-1704", "CVE-2005-1705"); script_xref(name:"MDKSA", value:"2005:095"); script_name(english:"Mandrake Linux Security Advisory : gdb (MDKSA-2005:095)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilities in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705). The updated packages have been patched to correct these problems." ); script_set_attribute(attribute:"solution", value:"Update the affected gdb package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gdb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005"); script_set_attribute(attribute:"patch_publication_date", value:"2005/05/30"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/05/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64\|i[3-6]86\|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK10.0", reference:"gdb-6.0-2.1.100mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.1", reference:"gdb-6.2-2.1.101mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK10.2", reference:"gdb-6.3-3.1.102mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200506-01.NASL
description	The remote host is affected by the vulnerability described in GLSA-200506-01 (Binutils, elfutils: Buffer overflow) Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library and elfutils, resulting in a heap based buffer overflow. Impact : Successful exploitation would require a user to access a specially crafted binary file, resulting in the execution of arbitrary code. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	18406
published	2005-06-02
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18406
title	GLSA-200506-01 : Binutils, elfutils: Buffer overflow
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 200506-01. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(18406); script_version("1.15"); script_cvs_date("Date: 2019/08/02 13:32:42"); script_cve_id("CVE-2005-1704"); script_xref(name:"GLSA", value:"200506-01"); script_name(english:"GLSA-200506-01 : Binutils, elfutils: Buffer overflow"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-200506-01 (Binutils, elfutils: Buffer overflow) Tavis Ormandy and Ned Ludd of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library and elfutils, resulting in a heap based buffer overflow. Impact : Successful exploitation would require a user to access a specially crafted binary file, resulting in the execution of arbitrary code. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/200506-01" ); script_set_attribute( attribute:"solution", value: "All GNU Binutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose sys-devel/binutils All elfutils users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/elfutils-0.108'" ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:elfutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/02"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"sys-devel/binutils", unaffected:make_list("rge 2.14.90.0.8-r3", "rge 2.15.90.0.1.1-r5", "rge 2.15.90.0.3-r5", "rge 2.15.91.0.2-r2", "rge 2.15.92.0.2-r10", "ge 2.16-r1"), vulnerable:make_list("lt 2.16-r1"))) flag++; if (qpkg_check(package:"dev-libs/elfutils", unaffected:make_list("ge 0.108"), vulnerable:make_list("lt 0.108"))) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get()); else security_warning(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Binutils / elfutils"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-497.NASL
description	- Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com> 2.15.92.0.2-5.1 - bfd and readelf robustification (CVE-2005-1704, #158680) - fix buffer overflows in readelf (#149506) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	18593
published	2005-06-29
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18593
title	Fedora Core 3 : binutils-2.15.92.0.2-5.1 (2005-497)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2005-497. # include("compat.inc"); if (description) { script_id(18593); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:24"); script_xref(name:"FEDORA", value:"2005-497"); script_name(english:"Fedora Core 3 : binutils-2.15.92.0.2-5.1 (2005-497)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: " - Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com> 2.15.92.0.2-5.1 - bfd and readelf robustification (CVE-2005-1704, #158680) - fix buffer overflows in readelf (#149506) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2005-June/001005.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d6b5ddde" ); script_set_attribute( attribute:"solution", value:"Update the affected binutils and / or binutils-debuginfo packages." ); script_set_attribute(attribute:"risk_factor", value:"High"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:binutils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:binutils-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3"); script_set_attribute(attribute:"patch_publication_date", value:"2005/06/29"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/06/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^3([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC3", reference:"binutils-2.15.92.0.2-5.1")) flag++; if (rpm_check(release:"FC3", reference:"binutils-debuginfo-2.15.92.0.2-5.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / binutils-debuginfo"); }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-673.NASL
description	An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. In addition, the following bugs have been fixed : -- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour -- fix linker
last seen	2020-06-01
modified	2020-06-02
plugin id	19991
published	2005-10-11
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19991
title	RHEL 4 : binutils (RHSA-2005:673)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:673. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(19991); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1704"); script_xref(name:"RHSA", value:"2005:673"); script_name(english:"RHEL 4 : binutils (RHSA-2005:673)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. In addition, the following bugs have been fixed : -- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour -- fix linker's --emit-relocs with .gnu.warning.* section symbols -- fix gprof on 64-bit ppc binaries and libraries -- fix gas mapping of register names to dwarf2 register numbers in CFI directives All users of binutils should upgrade to this updated package, which contains patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1704" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:673" ); script_set_attribute( attribute:"solution", value:"Update the affected binutils package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/11"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^4([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:673"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL4", reference:"binutils-2.15.92.0.2-15")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); } }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-801.NASL
description	An updated gdb package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data. Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the user running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue. All users of gdb should upgrade to this updated package, which contains backported patches that resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20059
published	2005-10-19
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20059
title	RHEL 2.1 : gdb (RHSA-2005:801)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:801. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(20059); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1704", "CVE-2005-1705"); script_xref(name:"RHSA", value:"2005:801"); script_name(english:"RHEL 2.1 : gdb (RHSA-2005:801)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated gdb package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data. Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the user running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue. All users of gdb should upgrade to this updated package, which contains backported patches that resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1704" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1705" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:801" ); script_set_attribute(attribute:"solution", value:"Update the affected gdb package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gdb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:801"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"gdb-5.3.90-0.20030710.41.2.4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb"); } }

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-763.NASL
description	An updated binutils package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. Several integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. All users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20045
published	2005-10-19
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/20045
title	RHEL 2.1 : binutils (RHSA-2005:763)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2005:763. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(20045); script_version ("1.22"); script_cvs_date("Date: 2019/10/25 13:36:11"); script_cve_id("CVE-2005-1704"); script_xref(name:"RHSA", value:"2005:763"); script_name(english:"RHEL 2.1 : binutils (RHSA-2005:763)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated binutils package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. Several integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. All users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2005-1704" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2005:763" ); script_set_attribute( attribute:"solution", value:"Update the affected binutils package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:binutils"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/05/24"); script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^2\.1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2005:763"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"binutils-2.11.90.0.8-12.5")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils"); } }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-498.NASL
description	- Wed Jun 29 2005 Jakub Jelinek <jakub at redhat.com> 2.15.94.0.2.2-2.1 - further bfd, readelf and binutils robustification (CVE-2005-1704, #158680) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	62259
published	2012-09-24
reporter	This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/62259
title	Fedora Core 4 : binutils-2.15.94.0.2.2-2.1 (2005-498)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-709.NASL
description	An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data. Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue. This updated package also addresses the following issues : - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore. - GDB on ia64 issued an extraneous warning when gcore was used. - GDB on ia64 could not backtrace over a sigaltstack. - GDB on ia64 could not successfully do an info frame for a signal trampoline. - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process. - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints. - GDB could not build with gcc4 when -Werror flag was set. - GDB had problems printing inherited members of C++ classes. - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support. All users of gdb should upgrade to this updated package, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19994
published	2005-10-11
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19994
title	RHEL 4 : gdb (RHSA-2005:709)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200505-15.NASL
description	The remote host is affected by the vulnerability described in GLSA-200505-15 (gdb: Multiple vulnerabilities) Tavis Ormandy of the Gentoo Linux Security Audit Team discovered an integer overflow in the BFD library, resulting in a heap overflow. A review also showed that by default, gdb insecurely sources initialisation files from the working directory. Impact : Successful exploitation would result in the execution of arbitrary code on loading a specially crafted object file or the execution of arbitrary commands. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	18379
published	2005-05-28
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/18379
title	GLSA-200505-15 : gdb: Multiple vulnerabilities

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-136-1.NASL
description	Tavis Ormandy found an integer overflow in the Binary File Descriptor (BFD) parser in the GNU debugger. The same vulnerable code is also present in binutils. By tricking an user into processing a specially crafted executable with the binutils tools (strings, objdump, nm, readelf, etc.), an attacker could exploit this to execute arbitrary code with the privileges of the user running the affected program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	20527
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20527
title	Ubuntu 4.10 / 5.04 : binutils vulnerability (USN-136-1)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0354.NASL
description	Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality. Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils. In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files. (CVE-2005-1704) Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version. Users of elfutils should upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	22274
published	2006-08-30
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22274
title	CentOS 4 : elfutils (CESA-2006:0354)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2006-0368.NASL
description	Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages that originally shipped with Red Hat Enterprise Linux 3 were GPL-licensed versions which lacked some functionality. Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils. In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files. (CVE-2005-1704) Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version. Users of elfutils should upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	22082
published	2006-07-21
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22082
title	CentOS 3 : elfutils (CESA-2006:0368)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0354.NASL
description	Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages that originally shipped with Red Hat Enterprise Linux 4 were GPL-licensed versions which lacked some functionality. Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils. In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files. (CVE-2005-1704) Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version. Users of elfutils should upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	22219
published	2006-08-14
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22219
title	RHEL 4 : elfutils (RHSA-2006:0354)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2006-0368.NASL
description	Updated elfutils packages that address a minor security issue and various other issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code. The elfutils packages that originally shipped with Red Hat Enterprise Linux 3 were GPL-licensed versions which lacked some functionality. Previous updates provided fully functional versions of elfutils only under the OSL license. This update provides a fully functional, GPL-licensed version of elfutils. In the OSL-licensed elfutils versions provided in previous updates, some tools could sometimes crash when given corrupted input files. (CVE-2005-1704) Also, when the eu-strip tool was used to create separate debuginfo files from relocatable objects such as kernel modules (.ko), the resulting debuginfo files (.ko.debug) were sometimes corrupted. Both of these problems are fixed in the new version. Users of elfutils should upgrade to these updated packages, which resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	22085
published	2006-07-21
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/22085
title	RHEL 3 : elfutils (RHSA-2006:0368)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-659.NASL
description	An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. Several integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. Additionally, the following bugs have been fixed : -- correct alignment of .tbss section if the requested alignment of .tbss is bigger than requested alignment of .tdata section -- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour All users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	21848
published	2006-07-03
reporter	This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/21848
title	CentOS 3 : binutils (CESA-2005:659)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-673.NASL
description	An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. In addition, the following bugs have been fixed : -- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour -- fix linker
last seen	2020-06-01
modified	2020-06-02
plugin id	67030
published	2013-06-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67030
title	CentOS 4 : binutils (CESA-2005:673)

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2005-709.NASL
description	An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. GDB, the GNU debugger, allows debugging of programs written in C, C++, and other languages by executing them in a controlled fashion, then printing their data. Several integer overflow bugs were found in gdb. If a user is tricked into processing a specially crafted executable file, it may allow the execution of arbitrary code as the user running gdb. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. A bug was found in the way gdb loads .gdbinit files. When a user executes gdb, the local directory is searched for a .gdbinit file which is then loaded. It is possible for a local user to execute arbitrary commands as the victim running gdb by placing a malicious .gdbinit file in a location where gdb may be run. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1705 to this issue. This updated package also addresses the following issues : - GDB on ia64 had previously implemented a bug fix to work-around a kernel problem when creating a core file via gcore. The bug fix caused a significant slow-down of gcore. - GDB on ia64 issued an extraneous warning when gcore was used. - GDB on ia64 could not backtrace over a sigaltstack. - GDB on ia64 could not successfully do an info frame for a signal trampoline. - GDB on AMD64 and Intel EM64T had problems attaching to a 32-bit process. - GDB on AMD64 and Intel EM64T was not properly handling threaded watchpoints. - GDB could not build with gcc4 when -Werror flag was set. - GDB had problems printing inherited members of C++ classes. - A few updates from mainline sources concerning Dwarf2 partial die in cache support, follow-fork support, interrupted syscall support, and DW_OP_piece read support. All users of gdb should upgrade to this updated package, which resolves these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	67033
published	2013-06-29
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/67033
title	CentOS 4 : gdb (CESA-2005:709)

NASL family	Mandriva Local Security Checks
NASL id	MANDRAKE_MDKSA-2005-215.NASL
description	Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file. The updated packages have been patched to help address these problems.
last seen	2020-06-01
modified	2020-06-02
plugin id	20447
published	2006-01-15
reporter	This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20447
title	Mandrake Linux Security Advisory : binutils (MDKSA-2005:215)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2005-659.NASL
description	An updated binutils package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team. Binutils is a collection of utilities used for the creation of executable code. A number of bugs were found in various binutils tools. Several integer overflow bugs were found in binutils. If a user is tricked into processing a specially crafted executable with utilities such as readelf, size, strings, objdump, or nm, it may allow the execution of arbitrary code as the user running the utility. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1704 to this issue. Additionally, the following bugs have been fixed : -- correct alignment of .tbss section if the requested alignment of .tbss is bigger than requested alignment of .tdata section -- by default issue an error if IA-64 hint@pause instruction is put into the B slot, add assembler command line switch to override this behaviour All users of binutils should upgrade to this updated package, which contains backported patches to resolve these issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	19831
published	2005-10-05
reporter	This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/19831
title	RHEL 3 : binutils (RHSA-2005:659)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-1032.NASL
description	This is an fc3 update for gdb regarding security issues : CVE-2005-1704 Integer Overflow in gdb This problem is that gdb
last seen	2020-06-01
modified	2020-06-02
plugin id	20100
published	2005-10-28
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20100
title	Fedora Core 3 : gdb-6.1post-1.20040607.43.0.1 (2005-1032)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2005-1033.NASL
description	This is an fc4 update for gdb that includes security issues : CVE-2005-1704 Integer Overflow in gdb This problem is that gdb
last seen	2020-06-01
modified	2020-06-02
plugin id	20101
published	2005-10-28
reporter	This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20101
title	Fedora Core 4 : gdb-6.3.0.0-1.84 (2005-1033)

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-135-1.NASL
description	Tavis Ormandy found an integer overflow in the GNU debugger. By tricking an user into merely load a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low. (CAN-2005-1704) Tavis Ormandy also discovered that gdb loads and executes the file
last seen	2020-06-01
modified	2020-06-02
plugin id	20526
published	2006-01-15
reporter	Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2017 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20526
title	Ubuntu 4.10 / 5.04 : gdb vulnerabilities (USN-135-1)

Oval

accepted

2013-04-29T04:18:12.848-04:00

class

vulnerability

contributors

name Aharon Chernin
organization SCAP.com, LLC
name Dragos Prisaca
organization G2, Inc.

definition_extensions

comment The operating system installed on the system is Red Hat Enterprise Linux 3
oval oval:org.mitre.oval:def:11782
comment CentOS Linux 3.x
oval oval:org.mitre.oval:def:16651
comment The operating system installed on the system is Red Hat Enterprise Linux 4
oval oval:org.mitre.oval:def:11831
comment CentOS Linux 4.x
oval oval:org.mitre.oval:def:16636
comment Oracle Linux 4.x
oval oval:org.mitre.oval:def:15990

description

family

unix

oval:org.mitre.oval:def:9071

status

accepted

submitted

2010-07-09T03:56:16-04:00

title

version

Redhat

advisories

bugzilla

id	186992
title	Elfutils license upgrade

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 4 is installed
oval oval:com.redhat.rhba:tst:20070304025

AND
comment elfutils-devel is earlier than 0:0.97.1-3
oval oval:com.redhat.rhsa:tst:20060354001
comment elfutils-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060354002
AND
comment elfutils-libelf-devel is earlier than 0:0.97.1-3
oval oval:com.redhat.rhsa:tst:20060354003
comment elfutils-libelf-devel is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060354004
AND
comment elfutils is earlier than 0:0.97.1-3
oval oval:com.redhat.rhsa:tst:20060354005
comment elfutils is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060354006
AND
comment elfutils-libelf is earlier than 0:0.97.1-3
oval oval:com.redhat.rhsa:tst:20060354007
comment elfutils-libelf is signed with Red Hat master key
oval oval:com.redhat.rhsa:tst:20060354008

rhsa

id	RHSA-2006:0354
released	2006-08-10
severity	Low
title	RHSA-2006:0354: elfutils security update (Low)

rhsa
id RHSA-2005:659
rhsa
id RHSA-2005:673
rhsa
id RHSA-2005:709
rhsa
id RHSA-2005:763
rhsa
id RHSA-2005:801
rhsa
id RHSA-2006:0368

rpms

binutils-0:2.14.90.0.4-39
binutils-debuginfo-0:2.14.90.0.4-39
binutils-0:2.15.92.0.2-15
binutils-debuginfo-0:2.15.92.0.2-15
gdb-0:6.3.0.0-1.63
gdb-debuginfo-0:6.3.0.0-1.63
elfutils-0:0.97.1-3
elfutils-debuginfo-0:0.97.1-3
elfutils-devel-0:0.97.1-3
elfutils-libelf-0:0.97.1-3
elfutils-libelf-devel-0:0.97.1-3
elfutils-0:0.94.1-2
elfutils-debuginfo-0:0.94.1-2
elfutils-devel-0:0.94.1-2
elfutils-libelf-0:0.94.1-2
elfutils-libelf-devel-0:0.94.1-2

Statements

contributor	Mark J Cox
lastmodified	2007-03-14
organization	Red Hat
statement	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Oval

Redhat

Statements

References