Vulnerabilities > CVE-2011-4355 - Permissions, Privileges, and Access Controls vulnerability in GNU GDB

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gnu

CWE-264

nessus

NVD

Published: 2013-03-05

Updated: 2023-02-13

Summary

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU GDB 6.1 GNU GDB 6.1.1 GNU GDB 5.2.1 GNU GDB 6.3 GNU GDB 5.1.1 GNU GDB 6.7.1 GNU GDB 6.2 GNU GDB 5.2 GNU GDB 4.18 GNU GDB 5.1 GNU GDB 7.3.1 GNU GDB 5.0 GNU GDB 7.2 GNU GDB 5.0.92 GNU GDB 6.5 GNU GDB 6.4 GNU GDB 7.4 GNU GDB 7.0 GNU GDB 6.8 GNU GDB 7.3 GNU GDB 6.2.1 GNU GDB 6.6 GNU GDB 7.0.1 GNU GDB 7.1 GNU GDB 5.0.93 GNU GDB 6.7 GNU GDB 5.3 GNU GDB 6.0 GNU GDB - GNU GDB 6.0A GNU GDB 6.1.1A GNU GDB 6.1A GNU GDB 6.2.1A GNU GDB 6.2A GNU GDB 6.3A GNU GDB 6.4A GNU GDB 6.5A GNU GDB 6.6A GNU GDB 6.7.1A GNU GDB 6.7A GNU GDB 6.8A GNU GDB 7.0.1A GNU GDB 7.0A GNU GDB 7.1A GNU GDB 7.3A GNU GDB 7.4.1	46

Common Weakness Enumeration (CWE)

CWE-264 - Permissions, Privileges, and Access Controls

Common Attack Pattern Enumeration and Classification (CAPEC)

Accessing, Modifying or Executing Executable Files
An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
Blue Boxing
This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
Restful Privilege Elevation
Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
Target Programs with Elevated Privileges
This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.

Nessus

NASL family	Oracle Linux Local Security Checks
NASL id	ORACLELINUX_ELSA-2013-0522.NASL
description	From Red Hat Security Advisory 2013:0522 : Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Debugger (GDB) allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	68758
published	2013-07-12
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/68758
title	Oracle Linux 6 : gdb (ELSA-2013-0522)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0522 and # Oracle Linux Security Advisory ELSA-2013-0522 respectively. # include("compat.inc"); if (description) { script_id(68758); script_version("1.6"); script_cvs_date("Date: 2019/09/30 10:58:18"); script_cve_id("CVE-2011-4355"); script_bugtraq_id(50829); script_xref(name:"RHSA", value:"2013:0522"); script_name(english:"Oracle Linux 6 : gdb (ELSA-2013-0522)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0522 : Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Debugger (GDB) allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355) With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information. This update also fixes the following bugs : * When a struct member was at an offset greater than 256 MB, the resulting bit position within the struct overflowed and caused an invalid memory access by GDB. With this update, the code has been modified to ensure that GDB can access such positions. (BZ#795424) * When a thread list of the core file became corrupted, GDB did not print this list but displayed the 'Cannot find new threads: generic error' error message instead. With this update, GDB has been modified and it now prints the thread list of the core file as expected. (BZ#811648) * GDB did not properly handle debugging of multiple binaries with the same build ID. This update modifies GDB to use symbolic links created for particular binaries so that debugging of binaries that share a build ID now proceeds as expected. Debugging of live programs and core files is now more user-friendly. (BZ#836966) All users of gdb are advised to upgrade to these updated packages, which contain backported patches to correct these issues." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-February/003274.html" ); script_set_attribute(attribute:"solution", value:"Update the affected gdb packages."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:gdb-gdbserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/05"); script_set_attribute(attribute:"patch_publication_date", value:"2013/02/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| !pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server\|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL6", reference:"gdb-7.2-60.el6")) flag++; if (rpm_check(release:"EL6", reference:"gdb-gdbserver-7.2-60.el6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb / gdb-gdbserver"); }

NASL family	Amazon Linux Local Security Checks
NASL id	ALA_ALAS-2013-159.NASL
description	GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	69718
published	2013-09-04
reporter	This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/69718
title	Amazon Linux AMI : gdb (ALAS-2013-159)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2013-159. # include("compat.inc"); if (description) { script_id(69718); script_version("1.5"); script_cvs_date("Date: 2018/04/18 15:09:34"); script_cve_id("CVE-2011-4355"); script_xref(name:"ALAS", value:"2013-159"); script_xref(name:"RHSA", value:"2013:0522"); script_name(english:"Amazon Linux AMI : gdb (ALAS-2013-159)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355) With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information." ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2013-159.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update gdb' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gdb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gdb-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:gdb-gdbserver"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) \|\| !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A\|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"gdb-7.2-60.13.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"gdb-debuginfo-7.2-60.13.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"gdb-gdbserver-7.2-60.13.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb / gdb-debuginfo / gdb-gdbserver"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-6614.NASL
description	Update
last seen	2020-03-17
modified	2012-08-20
plugin id	61585
published	2012-08-20
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/61585
title	Fedora 16 : gdb-7.3.50.20110722-16.fc16 (2012-6614)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-6614. # include("compat.inc"); if (description) { script_id(61585); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-4355"); script_bugtraq_id(50829); script_xref(name:"FEDORA", value:"2012-6614"); script_name(english:"Fedora 16 : gdb-7.3.50.20110722-16.fc16 (2012-6614)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update 'set auto-load' patchset and the --with-auto-load-safe-path setting. Security fix for loading untrusted inferiors, see 'set auto-load'. Security fix for loading untrusted inferiors, see 'set auto-load'. Workaround crashes from stale frame_info pointer (BZ 804256). Security fix for loading untrusted inferiors, see 'set auto-load' (BZ 756117). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=756117" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=804256" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-August/085145.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?792ae291" ); script_set_attribute(attribute:"solution", value:"Update the affected gdb package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/20"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^16([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC16", reference:"gdb-7.3.50.20110722-16.fc16")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2012-6635.NASL
description	Update
last seen	2020-03-17
modified	2012-05-07
plugin id	58999
published	2012-05-07
reporter	This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/58999
title	Fedora 17 : gdb-7.4.50.20120120-42.fc17 (2012-6635)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2012-6635. # include("compat.inc"); if (description) { script_id(58999); script_version("1.11"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2011-4355"); script_bugtraq_id(50829); script_xref(name:"FEDORA", value:"2012-6635"); script_name(english:"Fedora 17 : gdb-7.4.50.20120120-42.fc17 (2012-6635)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update 'set auto-load' patchset and the --with-auto-load-safe-path setting. Security fix for loading untrusted inferiors, see 'set auto-load'. Security fix for loading untrusted inferiors, see 'set auto-load'. Workaround crashes from stale frame_info pointer (BZ 804256). Security fix for loading untrusted inferiors, see 'set auto-load' (BZ 756117). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=756117" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=804256" ); # https://lists.fedoraproject.org/pipermail/package-announce/2012-May/079973.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e82be48a" ); script_set_attribute(attribute:"solution", value:"Update the affected gdb package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gdb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2012/04/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/05/07"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"gdb-7.4.50.20120120-42.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gdb"); }

NASL family	CentOS Local Security Checks
NASL id	CENTOS_RHSA-2013-0522.NASL
description	Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Debugger (GDB) allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	65153
published	2013-03-10
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/65153
title	CentOS 6 : gdb (CESA-2013:0522)

NASL family	Scientific Linux Local Security Checks
NASL id	SL_20130221_GDB_ON_SL6_X.NASL
description	GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user
last seen	2020-03-18
modified	2013-03-01
plugin id	64951
published	2013-03-01
reporter	This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64951
title	Scientific Linux Security Update : gdb on SL6.x i386/x86_64 (20130221)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0522.NASL
description	Updated gdb packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The GNU Debugger (GDB) allows debugging of programs written in C, C++, Java, and other languages by executing them in a controlled fashion and then printing out their data. GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user
last seen	2020-06-01
modified	2020-06-02
plugin id	64769
published	2013-02-21
reporter	This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/64769
title	RHEL 6 : gdb (RHSA-2013:0522)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2013-0579.NASL
description	An updated rhev-hypervisor6 package that fixes three security issues, various bugs, and adds an enhancement is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way the vhost kernel module handled descriptors that spanned multiple regions. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges on the host. (CVE-2013-0311) It was found that the default SCSI command filter does not accommodate commands that overlap across device classes. A privileged guest user could potentially use this flaw to write arbitrary data to a LUN that is passed-through as read-only. (CVE-2012-4542) It was discovered that dnsmasq, when used in combination with certain libvirtd configurations, could incorrectly process network packets from network interfaces that were intended to be prohibited. A remote, unauthenticated attacker could exploit this flaw to cause a denial of service via DNS amplification attacks. (CVE-2012-3411) The CVE-2012-4542 issue was discovered by Paolo Bonzini of Red Hat. This updated package provides updated components that include fixes for several security issues. These issues had no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2012-3955 (dhcp issue) CVE-2011-4355 (gdb issue) CVE-2012-4508, CVE-2013-0190, CVE-2013-0309, and CVE-2013-0310 (kernel issues) CVE-2012-5536 (openssh issue) CVE-2011-3148 and CVE-2011-3149 (pam issues) CVE-2013-0157 (util-linux-ng issue) This updated Red Hat Enterprise Virtualization Hypervisor package also fixes the following bugs : * Previously, the Administration Portal would always display the option to upgrade the Red Hat Enterprise Virtualization Hypervisor ISO regardless of whether or not the selected host was up-to-date. Now, the VDSM version compatibility is considered and the upgrade message only displays if there is an upgrade relevant to the host available. (BZ#853092) * An out of date version of libvirt was included in the Red Hat Enterprise Virtualization Hypervisor 6.4 package. As a result, virtual machines with supported CPU models were not being properly parsed by libvirt and failed to start. A more recent version of libvirt has been included in this updated hypervisor package. Virtual machines now start normally. (BZ#895078) As well, this update adds the following enhancement : * Hypervisor packages now take advantage of the installonlypkg function provided by yum. This allows for multiple versions of the hypervisor package to be installed on a system concurrently without making changes to the yum configuration as was previously required. (BZ#863579) This update includes the ovirt-node build from RHBA-2013:0556 : https://rhn.redhat.com/errata/RHBA-2013-0556.html Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which fixes these issues and adds this enhancement.
last seen	2020-06-01
modified	2020-06-02
plugin id	78950
published	2014-11-08
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/78950
title	RHEL 6 : rhev-hypervisor6 (RHSA-2013:0579)

Redhat

advisories

bugzilla

id	836966
title	Backport gdb fix to handle identical binaries via additional build-id symlinks

oval

comment Red Hat Enterprise Linux must be installed
oval oval:com.redhat.rhba:tst:20070304026

AND

comment Red Hat Enterprise Linux 6 is installed
oval oval:com.redhat.rhba:tst:20111656003

AND
comment gdb-gdbserver is earlier than 0:7.2-60.el6
oval oval:com.redhat.rhsa:tst:20130522001
comment gdb-gdbserver is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130522002
AND
comment gdb is earlier than 0:7.2-60.el6
oval oval:com.redhat.rhsa:tst:20130522003
comment gdb is signed with Red Hat redhatrelease2 key
oval oval:com.redhat.rhsa:tst:20130522004

rhsa

id	RHSA-2013:0522
released	2013-02-20
severity	Moderate
title	RHSA-2013:0522: gdb security and bug fix update (Moderate)

rpms

gdb-0:7.2-60.el6
gdb-debuginfo-0:7.2-60.el6
gdb-gdbserver-0:7.2-60.el6

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 50829 CVE ID: CVE-2011-4355 Linux是自由电脑操作系统内核,Linux所带的GNU Debugger (gdb)工具实现上存在漏洞，在定义了.debug_gdb_scripts后，gdb会从当前目录加载可疑文件，造成以当前用户权限执行任意代码。 Linux kernel 2.6.x 厂商补丁： Linux ----- 目前厂商还没有提供补丁或者升级程序，我们建议使用此软件的用户随时关注厂商的主页以获取最新版本： http://www.kernel.org/
id	SSV:24264
last seen	2017-11-19
modified	2011-11-29
published	2011-11-29
reporter	Root
title	Linux GNU Debugger "debug_gdb_scripts"加载任意代码执行漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Redhat

Seebug

References