LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

gdb: code execution

Package(s):gdb CVE #(s):CVE-2011-4355
Created:August 17, 2012 Updated:March 11, 2013
Description:

From the Red Hat advisory:

It was discovered the the GNU Debugger (gdb) would load untrusted files from the current working directory when .debug_gdb_scripts was defined. While this was a design decision, it is an insecure one and users who do not pre-inspect untrusted files may execute arbitrary code with their privileges.

Alerts:
Fedora FEDORA-2012-6614 2012-08-17
Red Hat RHSA-2013:0522-02 2013-02-21
Oracle ELSA-2013-0522 2013-02-25
Scientific Linux SL-gdb-20130228 2013-02-28
CentOS CESA-2013:0522 2013-03-09
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds