Info

Disclosure

May 20, 2005

Discovery

May 04, 2005

Dates

Exploit

May 20, 2005

Solution

Unknown

Description

A local overflow exists in in GDB, the GNU debugger. The BFD library contains an integer overflow which can result in a heap overflow. With a specially crafted file, an attacker can cause escalated privileges resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.3-r3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

GNU

GDB

6.3

References

Secunia Advisory ID: 15449 15467 15565 15575
Related OSVDB ID: 16351 16758
Generic Exploit URL: http://bugs.gentoo.org/attachment.cgi?id=57996
Other Solution URL: http://bugs.gentoo.org/attachment.cgi?id=58482&action=view
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200505-15.xml
http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml
http://www.trustix.org/errata/2005/0025/
Vendor Specific Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-135-1

Credit

Tavis Ormandy - tavisogoogle.com - Google Information Security Team

Direct URL: http://osvdb.org/16757