Date: Mon, 28 Nov 2011 09:53:37 -0700 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE assigned for gdb: arbitrary code execution via .debug_gdb_scripts This issue is now public. gdb: arbitrary code execution via .debug_gdb_scripts https://bugzilla.redhat.com/show_bug.cgi?id=703238 Vincent Danen It was discovered , the the GNU Debugger (gdb) would load untrusted files from the current working directory when .debug_gdb_scripts was defined. While this was a design decision, it is an insecure one and users who do not pre-inspect untrusted files may execute arbitrary code with their privileges.  http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html  http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html This issue has been assigned CVE-2011-4355 -- -Kurt Seifried / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.