Abrir sesión
logo

DEFENSA FRENTE A LAS CIBERAMENAZAS

barra-separadora

Boletines de Vulnerabilidades


Múltiples vulnerabilidades en gdb

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de privilegios
Dificultad Experto
Requerimientos del atacante Acceso remoto con cuenta

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado gdb < 6.3
binutils

Descripción

Se han descubierto dos vulnerabilidades en versiones anteriores a gdb 6.3 y binutils. Las vulnerabilidades son descritas a continuación:

- CAN-2005-1704: Desbordamiento de entero en la librería BFD. La vulnerabilidad reside en el manejo de un archivo objeto que especifique un gran número de cabeceras de sección, lo que podría resultar en un desbordamiento de búfer en la zona de heap. La explotación de esta vulnerabilidad podría permitir a un atacante local o remoto ejecutar código arbitrario mediante un archivo objeto especialmente diseñado.

- CAN-2005-1705: Vulnerabilidad en el manejo del archivo de configuración .gdbinit ya que gdb siempre intenta cargarlo del directorio de trabajo actual. La explotación de esta vulnerabilidad podría permitir a un atacante local ejecutar código arbitrario con los privilegios del usuario ejecutando gdb.

Solución



Actualización de software

Mandriva Linux (gdb)

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/gdb-6.0-2.1.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/gdb-6.0-2.1.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/gdb-6.0-2.1.100mdk.src.rpm

Mandrakelinux 10.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gdb-6.2-2.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gdb-6.2-2.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/gdb-6.2-2.1.101mdk.src.rpm

Corporate Server 2.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/gdb-5.3-24.1.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/gdb-5.3-24.1.C21mdk.src.rpm

Corporate Server 3.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gdb-6.0-2.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/gdb-6.0-2.1.C30mdk.src.rpm

Mandrivalinux LE2005
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gdb-6.3-3.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gdb-6.3-3.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/gdb-6.3-3.1.102mdk.src.rpm

Mandriva (binutils)

Mandrakelinux 10.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-2.15.90.0.3-1.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libbinutils2-devel-2.15.90.0.3-1.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-2.15.90.0.3-1.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64binutils2-devel-2.15.90.0.3-1.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm

Corporate Server 2.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm

Multi Network Firewall 2.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/binutils-2.14.90.0.7-2.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/libbinutils2-2.14.90.0.7-2.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/binutils-2.14.90.0.7-2.2.M20mdk.src.rpm

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-2.15.92.0.2-6.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libbinutils2-devel-2.15.92.0.2-6.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-2.15.92.0.2-6.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64binutils2-devel-2.15.92.0.2-6.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm

Red Hat (binutils)

Red Hat Desktop (v. 3) / SRPMS
binutils-2.14.90.0.4-39.src.rpm

Red Hat Desktop (v. 3) / IA-32
binutils-2.14.90.0.4-39.i386.rpm

Red Hat Desktop (v. 3) / x86_64
binutils-2.14.90.0.4-39.x86_64.rpm

Red Hat Enterprise Linux AS (v. 3) / SRPMS
binutils-2.14.90.0.4-39.src.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-32
binutils-2.14.90.0.4-39.i386.rpm

Red Hat Enterprise Linux AS (v. 3) / IA-64
binutils-2.14.90.0.4-39.ia64.rpm

Red Hat Enterprise Linux AS (v. 3) / PPC
binutils-2.14.90.0.4-39.ppc.rpm

Red Hat Enterprise Linux AS (v. 3) / s390
binutils-2.14.90.0.4-39.s390.rpm

Red Hat Enterprise Linux AS (v. 3) / s390x
binutils-2.14.90.0.4-39.s390x.rpm

Red Hat Enterprise Linux AS (v. 3) / x86_64
binutils-2.14.90.0.4-39.x86_64.rpm

Red Hat Enterprise Linux ES (v. 3) / SRPMS
binutils-2.14.90.0.4-39.src.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-32
binutils-2.14.90.0.4-39.i386.rpm

Red Hat Enterprise Linux ES (v. 3) / IA-64
binutils-2.14.90.0.4-39.ia64.rpm

Red Hat Enterprise Linux ES (v. 3) / x86_64
binutils-2.14.90.0.4-39.x86_64.rpm

Red Hat Enterprise Linux WS (v. 3) / SRPMS
binutils-2.14.90.0.4-39.src.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-32
binutils-2.14.90.0.4-39.i386.rpm

Red Hat Enterprise Linux WS (v. 3) / IA-64
binutils-2.14.90.0.4-39.ia64.rpm

Red Hat Enterprise Linux WS (v. 3) / x86_64
binutils-2.14.90.0.4-39.x86_64.rpm

Red Hat Desktop (v. 4) / SRPMS
binutils-2.15.92.0.2-15.src.rpm

Red Hat Desktop (v. 4) / IA-32
binutils-2.15.92.0.2-15.i386.rpm

Red Hat Desktop (v. 4) / x86_64
binutils-2.15.92.0.2-15.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
binutils-2.15.92.0.2-15.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
binutils-2.15.92.0.2-15.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
binutils-2.15.92.0.2-15.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
binutils-2.15.92.0.2-15.ppc.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
binutils-2.15.92.0.2-15.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
binutils-2.15.92.0.2-15.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
binutils-2.15.92.0.2-15.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
binutils-2.15.92.0.2-15.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
binutils-2.15.92.0.2-15.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
binutils-2.15.92.0.2-15.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
binutils-2.15.92.0.2-15.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
binutils-2.15.92.0.2-15.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
binutils-2.15.92.0.2-15.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
binutils-2.15.92.0.2-15.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
binutils-2.15.92.0.2-15.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS
binutils-2.11.90.0.8-12.5.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32
binutils-2.11.90.0.8-12.5.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64
binutils-2.11.90.0.8-12.5.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS
binutils-2.11.90.0.8-12.5.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32
binutils-2.11.90.0.8-12.5.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS
binutils-2.11.90.0.8-12.5.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32
binutils-2.11.90.0.8-12.5.i386.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS
binutils-2.11.90.0.8-12.5.src.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64
binutils-2.11.90.0.8-12.5.ia64.rpm

Red Hat (gdb)

Red Hat Desktop (v. 4) / SRPMS
gdb-6.3.0.0-1.63.src.rpm

Red Hat Desktop (v. 4) / IA-32
gdb-6.3.0.0-1.63.i386.rpm

Red Hat Desktop (v. 4) / x86_64
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4) / SRPMS
gdb-6.3.0.0-1.63.src.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-32
gdb-6.3.0.0-1.63.i386.rpm

Red Hat Enterprise Linux AS (v. 4) / IA-64
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

Red Hat Enterprise Linux AS (v. 4) / PPC
gdb-6.3.0.0-1.63.ppc64.rpm

Red Hat Enterprise Linux AS (v. 4) / s390
gdb-6.3.0.0-1.63.s390.rpm

Red Hat Enterprise Linux AS (v. 4) / s390x
gdb-6.3.0.0-1.63.s390x.rpm

Red Hat Enterprise Linux AS (v. 4) / x86_64
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4) / SRPMS
gdb-6.3.0.0-1.63.src.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-32
gdb-6.3.0.0-1.63.i386.rpm

Red Hat Enterprise Linux ES (v. 4) / IA-64
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

Red Hat Enterprise Linux ES (v. 4) / x86_64
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4) / SRPMS
gdb-6.3.0.0-1.63.src.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-32
gdb-6.3.0.0-1.63.i386.rpm

Red Hat Enterprise Linux WS (v. 4) / IA-64
gdb-6.3.0.0-1.63.i386.rpm
gdb-6.3.0.0-1.63.ia64.rpm

Red Hat Enterprise Linux WS (v. 4) / x86_64
gdb-6.3.0.0-1.63.x86_64.rpm

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS
gdb-5.3.90-0.20030710.41.2.4.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32
gdb-5.3.90-0.20030710.41.2.4.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64
gdb-5.3.90-0.20030710.41.2.4.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS
gdb-5.3.90-0.20030710.41.2.4.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32
gdb-5.3.90-0.20030710.41.2.4.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS
gdb-5.3.90-0.20030710.41.2.4.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32
gdb-5.3.90-0.20030710.41.2.4.i386.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / SRPMS
gdb-5.3.90-0.20030710.41.2.4.src.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium / IA-64
gdb-5.3.90-0.20030710.41.2.4.ia64.rpm

SGI
Advanced Linux Environment 3 / RPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10227
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

SGI
Advanced Linux Environment 3 / RPM / Patch 10321
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
Advanced Linux Environment 3 / SRPM / Patch 10321
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Identificadores estándar

Propiedad Valor
CVE CAN-2005-1704
CAN-2005-1705
BID NULL

Recursos adicionales

Mandriva Security Advisories MDKSA-2005:095
http://www.mandriva.com/security/advisories?name=MDKSA-2005:095

Mandriva Security Advisory (MDKSA-2005:215)
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2005:215

Red Hat Security Advisory (RHSA-2005:659-9)
https://rhn.redhat.com/errata/RHSA-2005-659.html

Red Hat Security Advisory (RHSA-2005:709-6)
https://rhn.redhat.com/errata/RHSA-2005-709.html

Red Hat Security Advisory (RHSA-2005:673-5)
https://rhn.redhat.com/errata/RHSA-2005-673.html

Red Hat Security Advisory (RHSA-2005:763-2)
https://rhn.redhat.com/errata/RHSA-2005-763.html

Red Hat Security Advisory (RHSA-2005:801-4)
https://rhn.redhat.com/errata/RHSA-2005-801.html

SGI Security Advisory (20051002-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20051002-01-U.asc

SGI Security Advisory (20060703-01-U)
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2005-05-31
1.1 Aviso emitido por Red Hat (RHSA-2005:659-9) 2005-10-03
1.2 Avisos emitidos por Red Hat (RHSA-2005:709-6, RHSA-2005:673-5, RHSA-2005:763-2) 2005-10-18
1.3 Aviso emitido por SGI (20051002-01-U) 2005-10-21
1.4 Aviso emitido por Red Hat (RHSA-2005:801-4) 2005-10-25
1.5 Aviso emitido por Mandriva (MDKSA-2005:215) 2005-11-24
1.6 Aviso emitido por SGI (20060703-01-U) 2006-08-01
Volver

Este sitio web utiliza cookies propias y de terceros para el correcto funcionamiento y visualización del sitio web por parte del usuario, así como la recogida de estadísticas. Si continúa navegando, consideramos que acepta su uso. Puede cambiar la configuración u obtener más información. Modificar configuración