CVE-2011-4355 – gdb: object file .debug_gdb_scripts section improper input validation
https://notcve.org/view.php?id=CVE-2011-4355
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
References:
• http://rhn.redhat.com/errata/RHSA-2013-0522.html
• http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
• http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
• http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
• http://www.securitytracker.com/id/1028191
• https://access.redhat.com/security/cve/CVE-2011-4355
• https://bugzilla.redhat.com/show_bug.cgi?id=703238
CWE-20: Improper Input Validation
CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-4146 – GDB buffer overflow
https://notcve.org/view.php?id=CVE-2006-4146
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_block) that contains a large number of operations.
References:
• ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc
• http://docs.info.apple.com/article.html?artnum=304669
• http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html
• http://secunia.com/advisories/21713
• http://secunia.com/advisories/22205
• http://secunia.com/advisories/22662
• http://secunia.com/advisories/25098
• http://secunia.com/advisories/25632
• http://secunia.com/advisorie
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2005-1705
https://notcve.org/view.php?id=CVE-2005-1705
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
References:
• http://bugs.gentoo.org/show_bug.cgi?id=88398
• http://secunia.com/advisories/17072
• http://secunia.com/advisories/17356
• http://secunia.com/advisories/18506
• http://security.gentoo.org/glsa/glsa-200505-15.xml
• http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:095
• http://www.redhat.com/support/errata/RHSA-2005-709.html
• http://www.redhat.com/support/errata/RHSA-2005-801.html
• https://oval.cisecurity.org/re
CVE-2005-1704
https://notcve.org/view.php?id=CVE-2005-1704
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.
References:
• ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
• http://bugs.gentoo.org/show_bug.cgi?id=91398
• http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060
• http://secunia.com/advisories/15527
• http://secunia.com/advisories/17001
• http://secunia.com/advisories/17072
• http://secunia.com/advisories/17135
• http://secunia.com/advisories/17257
• http://secunia.com/advisories/17356
• http://secunia.com/advisories/17718
• http://secunia.com/advisories/18506
• http
CWE-189: Numeric Errors