oss-sec mailing list archives
CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 28 Nov 2011 09:53:37 -0700
This issue is now public. gdb: arbitrary code execution via .debug_gdb_scripts https://bugzilla.redhat.com/show_bug.cgi?id=703238 Vincent Danen It was discovered [1],[2] the the GNU Debugger (gdb) would load untrusted files from the current working directory when .debug_gdb_scripts was defined. While this was a design decision, it is an insecure one and users who do not pre-inspect untrusted files may execute arbitrary code with their privileges. [1] http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html [2] http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html This issue has been assigned CVE-2011-4355 -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts Kurt Seifried (Nov 28)