Boletines de Vulnerabilidades

int(1615)

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en gdb
Clasificación de la vulnerabilidad
Propiedad	Valor
Nivel de Confianza	Oficial
Impacto	Aumento de privilegios
Dificultad	Experto
Requerimientos del atacante	Acceso remoto con cuenta
Información sobre el sistema
Propiedad	Valor
Fabricante afectado	GNU/Linux
Software afectado	gdb < 6.3 binutils
Descripción
Se han descubierto dos vulnerabilidades en versiones anteriores a gdb 6.3 y binutils. Las vulnerabilidades son descritas a continuación: - CAN-2005-1704: Desbordamiento de entero en la librería BFD. La vulnerabilidad reside en el manejo de un archivo objeto que especifique un gran número de cabeceras de sección, lo que podría resultar en un desbordamiento de búfer en la zona de heap. La explotación de esta vulnerabilidad podría permitir a un atacante local o remoto ejecutar código arbitrario mediante un archivo objeto especialmente diseñado. - CAN-2005-1705: Vulnerabilidad en el manejo del archivo de configuración .gdbinit ya que gdb siempre intenta cargarlo del directorio de trabajo actual. La explotación de esta vulnerabilidad podría permitir a un atacante local ejecutar código arbitrario con los privilegios del usuario ejecutando gdb.
Solución
Actualización de software Mandriva Linux (gdb) Mandrakelinux 10.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm AMD64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm Mandrakelinux 10.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm Corporate Server 2.1 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm Corporate Server 3.0 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm Mandrivalinux LE2005 x86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm Mandriva (binutils) Mandrakelinux 10.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-2.15.90.0.3-1.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-devel-2.15.90.0.3-1.2.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-2.15.90.0.3-1.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-devel-2.15.90.0.3-1.2.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm Corporate Server 2.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm Corporate Server 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.2.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.2.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/binutils-2.14.90.0.7-2.2.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libbinutils2-2.14.90.0.7-2.2.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/binutils-2.14.90.0.7-2.2.M20mdk.src.rpm Mandrivalinux LE2005 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-2.15.92.0.2-6.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-devel-2.15.92.0.2-6.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-2.15.92.0.2-6.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-devel-2.15.92.0.2-6.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm Red Hat (binutils) Red Hat Desktop (v. 3) / SRPMS binutils-2.14.90.0.4-39.src.rpm Red Hat Desktop (v. 3) / IA-32 binutils-2.14.90.0.4-39.i386.rpm Red Hat Desktop (v. 3) / x86_64 binutils-2.14.90.0.4-39.x86_64.rpm Red Hat Enterprise Linux AS (v. 3) / SRPMS binutils-2.14.90.0.4-39.src.rpm Red Hat Enterprise Linux AS (v. 3) / IA-32 binutils-2.14.90.0.4-39.i386.rpm Red Hat Enterprise Linux AS (v. 3) / IA-64 binutils-2.14.90.0.4-39.ia64.rpm Red Hat Enterprise Linux AS (v. 3) / PPC binutils-2.14.90.0.4-39.ppc.rpm Red Hat Enterprise Linux AS (v. 3) / s390 binutils-2.14.90.0.4-39.s390.rpm Red Hat Enterprise Linux AS (v. 3) / s390x binutils-2.14.90.0.4-39.s390x.rpm Red Hat Enterprise Linux AS (v. 3) / x86_64 binutils-2.14.90.0.4-39.x86_64.rpm Red Hat Enterprise Linux ES (v. 3) / SRPMS binutils-2.14.90.0.4-39.src.rpm Red Hat Enterprise Linux ES (v. 3) / IA-32 binutils-2.14.90.0.4-39.i386.rpm Red Hat Enterprise Linux ES (v. 3) / IA-64 binutils-2.14.90.0.4-39.ia64.rpm Red Hat Enterprise Linux ES (v. 3) / x86_64 binutils-2.14.90.0.4-39.x86_64.rpm Red Hat Enterprise Linux WS (v. 3) / SRPMS binutils-2.14.90.0.4-39.src.rpm Red Hat Enterprise Linux WS (v. 3) / IA-32 binutils-2.14.90.0.4-39.i386.rpm Red Hat Enterprise Linux WS (v. 3) / IA-64 binutils-2.14.90.0.4-39.ia64.rpm Red Hat Enterprise Linux WS (v. 3) / x86_64 binutils-2.14.90.0.4-39.x86_64.rpm Red Hat Desktop (v. 4) / SRPMS binutils-2.15.92.0.2-15.src.rpm Red Hat Desktop (v. 4) / IA-32 binutils-2.15.92.0.2-15.i386.rpm Red Hat Desktop (v. 4) / x86_64 binutils-2.15.92.0.2-15.x86_64.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS binutils-2.15.92.0.2-15.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 binutils-2.15.92.0.2-15.i386.rpm Red Hat Enterprise Linux AS (v. 4) / IA-64 binutils-2.15.92.0.2-15.ia64.rpm Red Hat Enterprise Linux AS (v. 4) / PPC binutils-2.15.92.0.2-15.ppc.rpm Red Hat Enterprise Linux AS (v. 4) / s390 binutils-2.15.92.0.2-15.s390.rpm Red Hat Enterprise Linux AS (v. 4) / s390x binutils-2.15.92.0.2-15.s390x.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 binutils-2.15.92.0.2-15.x86_64.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS binutils-2.15.92.0.2-15.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 binutils-2.15.92.0.2-15.i386.rpm Red Hat Enterprise Linux ES (v. 4) / IA-64 binutils-2.15.92.0.2-15.ia64.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 binutils-2.15.92.0.2-15.x86_64.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS binutils-2.15.92.0.2-15.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 binutils-2.15.92.0.2-15.i386.rpm Red Hat Enterprise Linux WS (v. 4) / IA-64 binutils-2.15.92.0.2-15.ia64.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 binutils-2.15.92.0.2-15.x86_64.rpm Red Hat Enterprise Linux AS (v. 2.1) / SRPMS binutils-2.11.90.0.8-12.5.src.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-32 binutils-2.11.90.0.8-12.5.i386.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-64 binutils-2.11.90.0.8-12.5.ia64.rpm Red Hat Enterprise Linux ES (v. 2.1) / SRPMS binutils-2.11.90.0.8-12.5.src.rpm Red Hat Enterprise Linux ES (v. 2.1) / IA-32 binutils-2.11.90.0.8-12.5.i386.rpm Red Hat Enterprise Linux WS (v. 2.1) / SRPMS binutils-2.11.90.0.8-12.5.src.rpm Red Hat Enterprise Linux WS (v. 2.1) / IA-32 binutils-2.11.90.0.8-12.5.i386.rpm Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS binutils-2.11.90.0.8-12.5.src.rpm Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64 binutils-2.11.90.0.8-12.5.ia64.rpm Red Hat (gdb) Red Hat Desktop (v. 4) / SRPMS gdb-6.3.0.0-1.63.src.rpm Red Hat Desktop (v. 4) / IA-32 gdb-6.3.0.0-1.63.i386.rpm Red Hat Desktop (v. 4) / x86_64 gdb-6.3.0.0-1.63.x86_64.rpm Red Hat Enterprise Linux AS (v. 4) / SRPMS gdb-6.3.0.0-1.63.src.rpm Red Hat Enterprise Linux AS (v. 4) / IA-32 gdb-6.3.0.0-1.63.i386.rpm Red Hat Enterprise Linux AS (v. 4) / IA-64 gdb-6.3.0.0-1.63.i386.rpm gdb-6.3.0.0-1.63.ia64.rpm Red Hat Enterprise Linux AS (v. 4) / PPC gdb-6.3.0.0-1.63.ppc64.rpm Red Hat Enterprise Linux AS (v. 4) / s390 gdb-6.3.0.0-1.63.s390.rpm Red Hat Enterprise Linux AS (v. 4) / s390x gdb-6.3.0.0-1.63.s390x.rpm Red Hat Enterprise Linux AS (v. 4) / x86_64 gdb-6.3.0.0-1.63.x86_64.rpm Red Hat Enterprise Linux ES (v. 4) / SRPMS gdb-6.3.0.0-1.63.src.rpm Red Hat Enterprise Linux ES (v. 4) / IA-32 gdb-6.3.0.0-1.63.i386.rpm Red Hat Enterprise Linux ES (v. 4) / IA-64 gdb-6.3.0.0-1.63.i386.rpm gdb-6.3.0.0-1.63.ia64.rpm Red Hat Enterprise Linux ES (v. 4) / x86_64 gdb-6.3.0.0-1.63.x86_64.rpm Red Hat Enterprise Linux WS (v. 4) / SRPMS gdb-6.3.0.0-1.63.src.rpm Red Hat Enterprise Linux WS (v. 4) / IA-32 gdb-6.3.0.0-1.63.i386.rpm Red Hat Enterprise Linux WS (v. 4) / IA-64 gdb-6.3.0.0-1.63.i386.rpm gdb-6.3.0.0-1.63.ia64.rpm Red Hat Enterprise Linux WS (v. 4) / x86_64 gdb-6.3.0.0-1.63.x86_64.rpm Red Hat Enterprise Linux AS (v. 2.1) / SRPMS gdb-5.3.90-0.20030710.41.2.4.src.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-32 gdb-5.3.90-0.20030710.41.2.4.i386.rpm Red Hat Enterprise Linux AS (v. 2.1) / IA-64 gdb-5.3.90-0.20030710.41.2.4.ia64.rpm Red Hat Enterprise Linux ES (v. 2.1) / SRPMS gdb-5.3.90-0.20030710.41.2.4.src.rpm Red Hat Enterprise Linux ES (v. 2.1) / IA-32 gdb-5.3.90-0.20030710.41.2.4.i386.rpm Red Hat Enterprise Linux WS (v. 2.1) / SRPMS gdb-5.3.90-0.20030710.41.2.4.src.rpm Red Hat Enterprise Linux WS (v. 2.1) / IA-32 gdb-5.3.90-0.20030710.41.2.4.i386.rpm Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS gdb-5.3.90-0.20030710.41.2.4.src.rpm Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64 gdb-5.3.90-0.20030710.41.2.4.ia64.rpm SGI Advanced Linux Environment 3 / RPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10227 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS SGI Advanced Linux Environment 3 / RPM / Patch 10321 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS Advanced Linux Environment 3 / SRPM / Patch 10321 ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS
Identificadores estándar
Propiedad	Valor
CVE	CAN-2005-1704 CAN-2005-1705
BID
Recursos adicionales
Mandriva Security Advisories MDKSA-2005:095 http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 Mandriva Security Advisory (MDKSA-2005:215) http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:215 Red Hat Security Advisory (RHSA-2005:659-9) https://rhn.redhat.com/errata/RHSA-2005-659.html Red Hat Security Advisory (RHSA-2005:709-6) https://rhn.redhat.com/errata/RHSA-2005-709.html Red Hat Security Advisory (RHSA-2005:673-5) https://rhn.redhat.com/errata/RHSA-2005-673.html Red Hat Security Advisory (RHSA-2005:763-2) https://rhn.redhat.com/errata/RHSA-2005-763.html Red Hat Security Advisory (RHSA-2005:801-4) https://rhn.redhat.com/errata/RHSA-2005-801.html SGI Security Advisory (20051002-01-U) ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc SGI Security Advisory (20060703-01-U) ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

Histórico de versiones
Versión	Comentario	Fecha
1.0	Aviso emitido	2005-05-31
1.1	Aviso emitido por Red Hat (RHSA-2005:659-9)	2005-10-03
1.2	Avisos emitidos por Red Hat (RHSA-2005:709-6, RHSA-2005:673-5, RHSA-2005:763-2)	2005-10-18
1.3	Aviso emitido por SGI (20051002-01-U)	2005-10-21
1.4	Aviso emitido por Red Hat (RHSA-2005:801-4)	2005-10-25
1.5	Aviso emitido por Mandriva (MDKSA-2005:215)	2005-11-24
1.6	Aviso emitido por SGI (20060703-01-U)	2006-08-01

Boletines de Vulnerabilidades

Múltiples vulnerabilidades en gdb

Clasificación de la vulnerabilidad

Información sobre el sistema

Descripción

Solución

Identificadores estándar

Recursos adicionales

Histórico de versiones