Summary: | <sys-devel/gdb-7.5: Loads untrusted files with possible arbitrary code execution (CVE-2011-4355) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | toolchain |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=703238 | ||
Whiteboard: | B2 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Harrison
2011-11-29 04:33:43 UTC
CVE-2011-4355 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4355): GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

According to CVE this is fixed in 7.5. That has already been stabilized.

@maintainers: Please clean up vulnerable versions.

Maintainer(s), please drop the vulnerable version(s).

Maintainer(s): Please drop affected versions, security will remove or mask in 30 days if no response.

Vulnerable versions have been removed. Security, please vote.

Vote: no.

GLSA Vote: No

Thank you all. Closing as noglsa.
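
Added example (not part of the bug report and not GDB's own code): a Python check that flags ELF binaries carrying the `.debug_gdb_scripts` section named in the CVE description, so they can be reviewed before being opened in a GDB older than 7.5. It handles only 64-bit little-endian ELF; the function names `section_names`, `requests_gdb_scripts` and `build_sample` are hypothetical, and the sample ELF image is constructed.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header
TARGET = ".debug_gdb_scripts"              # section named in the CVE text

def section_names(data):
    """Return the section names of a 64-bit little-endian ELF image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled here")
    f = EHDR.unpack_from(data)
    shoff, shentsize, shnum, shstrndx = f[6], f[11], f[12], f[13]
    if shnum == 0:
        return []  # no section headers present: nothing to report
    if (shentsize != SHDR.size or shstrndx >= shnum
            or shoff + shnum * shentsize > len(data)):
        raise ValueError("malformed section header table")
    hdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    str_off, str_size = hdrs[shstrndx][4], hdrs[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    names = []
    for h in hdrs:  # h[0] is sh_name, an offset into the string table
        end = strtab.find(b"\0", h[0])
        names.append(strtab[h[0]:end if end != -1 else None].decode("latin-1"))
    return names

def requests_gdb_scripts(data):
    """True if the binary carries the section the CVE description names."""
    return TARGET in section_names(data)

def build_sample(names):
    """Constructed input: minimal ELF64 whose empty sections are called `names`."""
    strtab, offsets = b"\0", [0]  # index 0 is the mandatory null section
    for n in list(names) + [".shstrtab"]:
        offsets.append(len(strtab))
        strtab += n.encode() + b"\0"
    n_sec, shoff = len(offsets), EHDR.size + len(strtab)
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    out = EHDR.pack(ident, 2, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0,
                    SHDR.size, n_sec, n_sec - 1) + strtab
    for i, off in enumerate(offsets):
        if i == n_sec - 1:  # the section-name string table itself
            out += SHDR.pack(off, 3, 0, 0, EHDR.size, len(strtab), 0, 0, 1, 0)
        else:
            out += SHDR.pack(off, 1 if i else 0, 0, 0, 0, 0, 0, 0, 1, 0)
    return out
```

To scan a real file, pass its bytes to `requests_gdb_scripts`, for example `requests_gdb_scripts(open(path, "rb").read())`.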