Home page logo
/

bugtraq logo Bugtraq mailing list archives

MDKSA-2005:095 - Updated gdb packages fix vulnerabilities
From: Mandriva Security Team <security () mandriva com>
Date: Mon, 30 May 2005 14:38:32 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           gdb
 Advisory ID:            MDKSA-2005:095
 Date:                   May 30th, 2005

 Affected versions:      10.0, 10.1, 10.2, Corporate 3.0,
                         Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two
 vulnerabilites in the GNU debugger.  The first allows an attacker to
 execute arbitrary code with the privileges of the user running gdb if
 they can trick the user into loading a specially crafted executable
 (CAN-2005-1704).
 
 He also discovered that gdb loads and executes the file .gdbinit in the
 current directory even if the file belongs to a different user.  If a
 user can be tricked into running gdb in a directory with a malicious
 .gdbinit file, a local attacker can exploit this to run arbitrary
 commands with the privileges of the user running gdb (CAN-2005-1705).
 
 The updated packages have been patched to correct these problems.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1705
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.0:
 3a50223904d8735180a6e6d1367adebe  10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm
 a66ca0ba26db821f6cd6b2a962164b89  10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

 Mandrakelinux 10.0/AMD64:
 9beb409470d2b5767c1cee9dabf19aec  amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm
 a66ca0ba26db821f6cd6b2a962164b89  amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

 Mandrakelinux 10.1:
 f709e9355a954210f9791cdaa136d123  10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm
 4ccb813e4b0ee7499c45dcfc5aa5c7e8  10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 dde6afb0ef27339bd81a9d9ae195151e  x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm
 4ccb813e4b0ee7499c45dcfc5aa5c7e8  x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 9984dc6334cd1ea0ef1f1e9304ad3722  10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm
 ae742ac4e532252f83f8c7aff810d811  10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 2df9adbbcd385b9c5e2dc514cb3885ad  x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm
 ae742ac4e532252f83f8c7aff810d811  x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

 Corporate Server 2.1:
 b4f7eaa06d432f1dbd7b714249f518fd  corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm
 c58ff8886c0762bb8f685f07bb97fef8  corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 b641cd3e7e43ccfcb9d9aa5a88651863  x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm
 c58ff8886c0762bb8f685f07bb97fef8  x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

 Corporate 3.0:
 2cfaab7e4ee44d4b8122165a0540c6ad  corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm
 3136e4376e69c88876b56dd152b291d5  corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 95087b0e2e5d27c4ac30b881bf12ee42  x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm
 3136e4376e69c88876b56dd152b291d5  x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFCm3nImqjQ0CJFipgRAkn1AJ4w1BUE1UguPJRqU94SZlh8Ed5YmQCg8pqI
YggXQInzlc1OQEmEPYQdFVw=
=hBCK
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • MDKSA-2005:095 - Updated gdb packages fix vulnerabilities Mandriva Security Team (May 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault