Vulnerability Bulletins |
Multiple vulnerabilities in gdb |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Expert |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | gdb < 6.3, binutils |
Description |
|
Two vulnerabilities have been discovered in versions prior to gdb 6.3 and in binutils. They are described below:

- CAN-2005-1704: Integer overflow in the BFD library. The flaw lies in the handling of an object file that specifies a large number of section headers, which could result in a heap-based buffer overflow. Exploiting this vulnerability could allow a local or remote attacker to execute arbitrary code by means of a specially crafted object file.
- CAN-2005-1705: Vulnerability in the handling of the .gdbinit configuration file, because gdb always tries to load it from the current working directory. Exploiting this vulnerability could allow a local attacker to execute arbitrary code with the privileges of the user running gdb.
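The bug class behind CAN-2005-1704, shown as an added example (not code from BFD, gdb or this bulletin): an unchecked section-header table size calculation next to a validated one. The struct, the function names and the ELF32-style 40-byte entry size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical header fields, copied verbatim from an untrusted object file. */
struct obj_header {
    uint32_t shnum;     /* number of section headers the file claims */
    uint32_t shentsize; /* size in bytes of one section header */
    uint64_t shoff;     /* file offset of the section header table */
};

/* Unsafe pattern: the 32-bit product wraps, so a huge shnum yields a tiny buffer. */
uint32_t table_size_unchecked(const struct obj_header *h)
{
    return h->shnum * h->shentsize;
}

/* Hardened pattern: 0 and *out set on success, -1 if the header is
   implausible, the product would wrap, or the table exceeds the file. */
int table_size_checked(const struct obj_header *h, uint64_t file_size,
                       uint32_t min_entsize, size_t *out)
{
    if (h->shnum == 0 || h->shentsize == 0 || h->shentsize < min_entsize)
        return -1;
    if (h->shnum > SIZE_MAX / h->shentsize)   /* would wrap size_t */
        return -1;
    size_t total = (size_t)h->shnum * h->shentsize;
    if (h->shoff > file_size || total > file_size - h->shoff)
        return -1;                            /* cannot fit in the file */
    *out = total;
    return 0;
}

/* Allocate only after validation; NULL means the file is rejected. */
void *alloc_section_table(const struct obj_header *h, uint64_t file_size)
{
    size_t total;
    if (table_size_checked(h, file_size, 40, &total) != 0) /* 40: ELF32 shdr (assumed) */
        return NULL;
    return malloc(total);
}

int main(void)
{
    struct obj_header bad = { 0x20000001u, 40u, 52u }; /* constructed sample */
    size_t n = 0;
    printf("%u %d\n", (unsigned)table_size_unchecked(&bad), table_size_checked(&bad, 4096, 40, &n));
    return 0;
}
```

The checked version rejects the header on two independent grounds (arithmetic wrap and table larger than the file), so it holds on both 32-bit and 64-bit builds.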
|
Solution |
|
Software update

Mandriva Linux (gdb)

Mandrakelinux 10.0
x86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm
AMD64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1
x86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

Corporate Server 2.1
x86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

Corporate Server 3.0
x86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

Mandrivalinux LE2005
x86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

Mandriva (binutils)

Mandrakelinux 10.1
X86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-2.15.90.0.3-1.2.101mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-devel-2.15.90.0.3-1.2.101mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-2.15.90.0.3-1.2.101mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-devel-2.15.90.0.3-1.2.101mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm

Corporate Server 2.1
X86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm

Corporate Server 3.0
X86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.2.C30mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.2.C30mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm

Multi Network Firewall 2.0
X86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/binutils-2.14.90.0.7-2.2.M20mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libbinutils2-2.14.90.0.7-2.2.M20mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/binutils-2.14.90.0.7-2.2.M20mdk.src.rpm

Mandrivalinux LE2005
X86
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-2.15.92.0.2-6.2.102mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-devel-2.15.92.0.2-6.2.102mdk.i586.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm
X86_64
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-2.15.92.0.2-6.2.102mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-devel-2.15.92.0.2-6.2.102mdk.x86_64.rpm
- ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm

Red Hat (binutils)

- Red Hat Desktop (v. 3) / SRPMS: binutils-2.14.90.0.4-39.src.rpm
- Red Hat Desktop (v. 3) / IA-32: binutils-2.14.90.0.4-39.i386.rpm
- Red Hat Desktop (v. 3) / x86_64: binutils-2.14.90.0.4-39.x86_64.rpm
- Red Hat Enterprise Linux AS (v. 3) / SRPMS: binutils-2.14.90.0.4-39.src.rpm
- Red Hat Enterprise Linux AS (v. 3) / IA-32: binutils-2.14.90.0.4-39.i386.rpm
- Red Hat Enterprise Linux AS (v. 3) / IA-64: binutils-2.14.90.0.4-39.ia64.rpm
- Red Hat Enterprise Linux AS (v. 3) / PPC: binutils-2.14.90.0.4-39.ppc.rpm
- Red Hat Enterprise Linux AS (v. 3) / s390: binutils-2.14.90.0.4-39.s390.rpm
- Red Hat Enterprise Linux AS (v. 3) / s390x: binutils-2.14.90.0.4-39.s390x.rpm
- Red Hat Enterprise Linux AS (v. 3) / x86_64: binutils-2.14.90.0.4-39.x86_64.rpm
- Red Hat Enterprise Linux ES (v. 3) / SRPMS: binutils-2.14.90.0.4-39.src.rpm
- Red Hat Enterprise Linux ES (v. 3) / IA-32: binutils-2.14.90.0.4-39.i386.rpm
- Red Hat Enterprise Linux ES (v. 3) / IA-64: binutils-2.14.90.0.4-39.ia64.rpm
- Red Hat Enterprise Linux ES (v. 3) / x86_64: binutils-2.14.90.0.4-39.x86_64.rpm
- Red Hat Enterprise Linux WS (v. 3) / SRPMS: binutils-2.14.90.0.4-39.src.rpm
- Red Hat Enterprise Linux WS (v. 3) / IA-32: binutils-2.14.90.0.4-39.i386.rpm
- Red Hat Enterprise Linux WS (v. 3) / IA-64: binutils-2.14.90.0.4-39.ia64.rpm
- Red Hat Enterprise Linux WS (v. 3) / x86_64: binutils-2.14.90.0.4-39.x86_64.rpm
- Red Hat Desktop (v. 4) / SRPMS: binutils-2.15.92.0.2-15.src.rpm
- Red Hat Desktop (v. 4) / IA-32: binutils-2.15.92.0.2-15.i386.rpm
- Red Hat Desktop (v. 4) / x86_64: binutils-2.15.92.0.2-15.x86_64.rpm
- Red Hat Enterprise Linux AS (v. 4) / SRPMS: binutils-2.15.92.0.2-15.src.rpm
- Red Hat Enterprise Linux AS (v. 4) / IA-32: binutils-2.15.92.0.2-15.i386.rpm
- Red Hat Enterprise Linux AS (v. 4) / IA-64: binutils-2.15.92.0.2-15.ia64.rpm
- Red Hat Enterprise Linux AS (v. 4) / PPC: binutils-2.15.92.0.2-15.ppc.rpm
- Red Hat Enterprise Linux AS (v. 4) / s390: binutils-2.15.92.0.2-15.s390.rpm
- Red Hat Enterprise Linux AS (v. 4) / s390x: binutils-2.15.92.0.2-15.s390x.rpm
- Red Hat Enterprise Linux AS (v. 4) / x86_64: binutils-2.15.92.0.2-15.x86_64.rpm
- Red Hat Enterprise Linux ES (v. 4) / SRPMS: binutils-2.15.92.0.2-15.src.rpm
- Red Hat Enterprise Linux ES (v. 4) / IA-32: binutils-2.15.92.0.2-15.i386.rpm
- Red Hat Enterprise Linux ES (v. 4) / IA-64: binutils-2.15.92.0.2-15.ia64.rpm
- Red Hat Enterprise Linux ES (v. 4) / x86_64: binutils-2.15.92.0.2-15.x86_64.rpm
- Red Hat Enterprise Linux WS (v. 4) / SRPMS: binutils-2.15.92.0.2-15.src.rpm
- Red Hat Enterprise Linux WS (v. 4) / IA-32: binutils-2.15.92.0.2-15.i386.rpm
- Red Hat Enterprise Linux WS (v. 4) / IA-64: binutils-2.15.92.0.2-15.ia64.rpm
- Red Hat Enterprise Linux WS (v. 4) / x86_64: binutils-2.15.92.0.2-15.x86_64.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / SRPMS: binutils-2.11.90.0.8-12.5.src.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / IA-32: binutils-2.11.90.0.8-12.5.i386.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / IA-64: binutils-2.11.90.0.8-12.5.ia64.rpm
- Red Hat Enterprise Linux ES (v. 2.1) / SRPMS: binutils-2.11.90.0.8-12.5.src.rpm
- Red Hat Enterprise Linux ES (v. 2.1) / IA-32: binutils-2.11.90.0.8-12.5.i386.rpm
- Red Hat Enterprise Linux WS (v. 2.1) / SRPMS: binutils-2.11.90.0.8-12.5.src.rpm
- Red Hat Enterprise Linux WS (v. 2.1) / IA-32: binutils-2.11.90.0.8-12.5.i386.rpm
- Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS: binutils-2.11.90.0.8-12.5.src.rpm
- Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64: binutils-2.11.90.0.8-12.5.ia64.rpm

Red Hat (gdb)

- Red Hat Desktop (v. 4) / SRPMS: gdb-6.3.0.0-1.63.src.rpm
- Red Hat Desktop (v. 4) / IA-32: gdb-6.3.0.0-1.63.i386.rpm
- Red Hat Desktop (v. 4) / x86_64: gdb-6.3.0.0-1.63.x86_64.rpm
- Red Hat Enterprise Linux AS (v. 4) / SRPMS: gdb-6.3.0.0-1.63.src.rpm
- Red Hat Enterprise Linux AS (v. 4) / IA-32: gdb-6.3.0.0-1.63.i386.rpm
- Red Hat Enterprise Linux AS (v. 4) / IA-64: gdb-6.3.0.0-1.63.i386.rpm, gdb-6.3.0.0-1.63.ia64.rpm
- Red Hat Enterprise Linux AS (v. 4) / PPC: gdb-6.3.0.0-1.63.ppc64.rpm
- Red Hat Enterprise Linux AS (v. 4) / s390: gdb-6.3.0.0-1.63.s390.rpm
- Red Hat Enterprise Linux AS (v. 4) / s390x: gdb-6.3.0.0-1.63.s390x.rpm
- Red Hat Enterprise Linux AS (v. 4) / x86_64: gdb-6.3.0.0-1.63.x86_64.rpm
- Red Hat Enterprise Linux ES (v. 4) / SRPMS: gdb-6.3.0.0-1.63.src.rpm
- Red Hat Enterprise Linux ES (v. 4) / IA-32: gdb-6.3.0.0-1.63.i386.rpm
- Red Hat Enterprise Linux ES (v. 4) / IA-64: gdb-6.3.0.0-1.63.i386.rpm, gdb-6.3.0.0-1.63.ia64.rpm
- Red Hat Enterprise Linux ES (v. 4) / x86_64: gdb-6.3.0.0-1.63.x86_64.rpm
- Red Hat Enterprise Linux WS (v. 4) / SRPMS: gdb-6.3.0.0-1.63.src.rpm
- Red Hat Enterprise Linux WS (v. 4) / IA-32: gdb-6.3.0.0-1.63.i386.rpm
- Red Hat Enterprise Linux WS (v. 4) / IA-64: gdb-6.3.0.0-1.63.i386.rpm, gdb-6.3.0.0-1.63.ia64.rpm
- Red Hat Enterprise Linux WS (v. 4) / x86_64: gdb-6.3.0.0-1.63.x86_64.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / SRPMS: gdb-5.3.90-0.20030710.41.2.4.src.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / IA-32: gdb-5.3.90-0.20030710.41.2.4.i386.rpm
- Red Hat Enterprise Linux AS (v. 2.1) / IA-64: gdb-5.3.90-0.20030710.41.2.4.ia64.rpm
- Red Hat Enterprise Linux ES (v. 2.1) / SRPMS: gdb-5.3.90-0.20030710.41.2.4.src.rpm
- Red Hat Enterprise Linux ES (v. 2.1) / IA-32: gdb-5.3.90-0.20030710.41.2.4.i386.rpm
- Red Hat Enterprise Linux WS (v. 2.1) / SRPMS: gdb-5.3.90-0.20030710.41.2.4.src.rpm
- Red Hat Enterprise Linux WS (v. 2.1) / IA-32: gdb-5.3.90-0.20030710.41.2.4.i386.rpm
- Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS: gdb-5.3.90-0.20030710.41.2.4.src.rpm
- Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64: gdb-5.3.90-0.20030710.41.2.4.ia64.rpm

SGI

- Advanced Linux Environment 3 / RPM / Patch 10227: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
- Advanced Linux Environment 3 / SRPM / Patch 10227: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
- Advanced Linux Environment 3 / RPM / Patch 10321: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
- Advanced Linux Environment 3 / SRPM / Patch 10321: ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-1704, CAN-2005-1705 |
BID | |
Additional resources |
|
- Mandriva Security Advisories MDKSA-2005:095: http://www.mandriva.com/security/advisories?name=MDKSA-2005:095
- Mandriva Security Advisory (MDKSA-2005:215): http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:215
- Red Hat Security Advisory (RHSA-2005:659-9): https://rhn.redhat.com/errata/RHSA-2005-659.html
- Red Hat Security Advisory (RHSA-2005:709-6): https://rhn.redhat.com/errata/RHSA-2005-709.html
- Red Hat Security Advisory (RHSA-2005:673-5): https://rhn.redhat.com/errata/RHSA-2005-673.html
- Red Hat Security Advisory (RHSA-2005:763-2): https://rhn.redhat.com/errata/RHSA-2005-763.html
- Red Hat Security Advisory (RHSA-2005:801-4): https://rhn.redhat.com/errata/RHSA-2005-801.html
- SGI Security Advisory (20051002-01-U): ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc
- SGI Security Advisory (20060703-01-U): ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
Version history |
|
Version | Comment | Date |
1.0 | Advisory issued | 2005-05-31 |
1.1 | Advisory issued by Red Hat (RHSA-2005:659-9) | 2005-10-03 |
1.2 | Advisories issued by Red Hat (RHSA-2005:709-6, RHSA-2005:673-5, RHSA-2005:763-2) | 2005-10-18 |
1.3 | Advisory issued by SGI (20051002-01-U) | 2005-10-21 |
1.4 | Advisory issued by Red Hat (RHSA-2005:801-4) | 2005-10-25 |
1.5 | Advisory issued by Mandriva (MDKSA-2005:215) | 2005-11-24 |
1.6 | Advisory issued by SGI (20060703-01-U) | 2006-08-01 |