CVE-2005-1705
CVSS7.2
发布时间 :2005-05-24 00:00:00
修订时间 :2010-08-21 00:29:24
NMCOP    

[原文]gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.


[CNNVD]GDB多个漏洞(CNNVD-200505-1172)

        gdb的6.3之前版本搜索当前工作目录来导入.gdbinit配置文件,本地用户可以在用户运行gdb时执行任意命令。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11072gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1705
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1705
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1172
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2005-801.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:801
http://www.redhat.com/support/errata/RHSA-2005-709.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:709
http://www.mandriva.com/security/advisories?name=MDKSA-2005:095
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2005:095
http://secunia.com/advisories/17072
(VENDOR_ADVISORY)  SECUNIA  17072
http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm
(UNKNOWN)  SECUNIA  18506
http://security.gentoo.org/glsa/glsa-200505-15.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200505-15
http://secunia.com/advisories/17356
(UNKNOWN)  SECUNIA  17356
http://bugs.gentoo.org/show_bug.cgi?id=88398
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=88398

- 漏洞信息

GDB多个漏洞
高危 资料不足
2005-05-24 00:00:00 2007-02-08 00:00:00
远程※本地  
        gdb的6.3之前版本搜索当前工作目录来导入.gdbinit配置文件,本地用户可以在用户运行gdb时执行任意命令。

- 公告与补丁

        暂无数据

- 漏洞信息 (F39338)

Ubuntu Security Notice 135-1 (PacketStormID:F39338)
2005-08-14 00:00:00
Ubuntu  ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-1704,CVE-2005-1705
[点击下载]

Ubuntu Security Notice USN-135-1 - Tavis Ormandy found an integer overflow in the GNU debugger. By tricking an user into merely load a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low.

===========================================================
Ubuntu Security Notice USN-135-1	       May 27, 2005
gdb vulnerabilities
CAN-2005-1704, CAN-2005-1705
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gdb

The problem can be corrected by upgrading the affected package to
version 6.1-3ubuntu0.1 (for Ubuntu 4.10), or 6.3-5ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the GNU debugger. By
tricking an user into merely load a specially crafted executable, an
attacker could exploit this to execute arbitrary code with the
privileges of the user running gdb. However, loading untrusted
binaries without actually executing them is rather uncommon, so the
risk of this flaw is low. (CAN-2005-1704)

Tavis Ormandy also discovered that gdb loads and executes the file
".gdbinit" in the current directory even if the file belongs to a
different user. By tricking an user into run gdb in a directory with a
malicious .gdbinit file, a local attacker could exploit this to run
arbitrary commands with the privileges of the user invoking gdb.
(CAN-2005-1705)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.diff.gz
      Size/MD5:   121937 5ecb8a37380fb8f96773527bc5b386bc
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.dsc
      Size/MD5:      782 68c9d10a3ee6274d001c49d5233b88ca
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1.orig.tar.gz
      Size/MD5: 16693869 f707d21f5a3e963ce059caed75e899a2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_amd64.deb
      Size/MD5:  2737380 bb0de70cfc7b7aa814e2860124c91c6d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_i386.deb
      Size/MD5:  2403326 492f0103c85a726ba748788bf097592c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_powerpc.deb
      Size/MD5:  3747906 88f4da50a99596f5723c9acb596026f6

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.diff.gz
      Size/MD5:   152409 15724d0389095cd77749d9d323600e87
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.dsc
      Size/MD5:      837 cee3bc5743823b718199294ce4c22588
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3.orig.tar.gz
      Size/MD5: 17374476 812de9e756d53c749ea5516d9ffa5905

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_amd64.deb
      Size/MD5:  2951872 0da1a71bd8ed90219fb3ce88823e178a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_i386.deb
      Size/MD5:  2648228 1bd3001a609d0122b45c018b64150498

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_powerpc.deb
      Size/MD5:  4046246 6769a82f244d229077bb9ed6b1667cf4
    

- 漏洞信息

16758
GDB Initialisation File Sourcing Insecure File Handling
Local Access Required Input Manipulation
Loss of Confidentiality
Exploit Public Vendor Verified

- 漏洞描述

GDB, the GNU debugger contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the GDB reads the .gdbinit file from the current working directory. If a privileged user can be tricked to run GDB in another user's directory, and the current working directory contains a malicious .gdbinit, an attacker could gain escalated privileges.

- 时间线

2005-05-20 2005-04-08
Unknow Unknow

- 解决方案

Upgrade to version 6.3-r3 or higher, as it has been reported to fix this vulnerability.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站