fkie_nvd - fkie_cve-2011-4355

fkie_cve-2011-4355

Vulnerability from fkie_nvd

Published

2013-03-05 21:38

Modified

2025-04-11 00:51

Severity ?

Summary

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

References

	URL	Tags
	secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2013-0522.html
	secalert@redhat.com	http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
	secalert@redhat.com	http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
	secalert@redhat.com	http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
	secalert@redhat.com	http://www.securitytracker.com/id/1028191
	af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2013-0522.html
	af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
	af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
	af854a3a-2127-422b-91ae-364da2661108	http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1028191

Impacted products

Vendor	Product	Version
gnu	gdb	*
gnu	gdb	4.18
gnu	gdb	5.0
gnu	gdb	5.0.92
gnu	gdb	5.0.93
gnu	gdb	5.1
gnu	gdb	5.1.1
gnu	gdb	5.2
gnu	gdb	5.2.1
gnu	gdb	5.3
gnu	gdb	6.0
gnu	gdb	6.1
gnu	gdb	6.1.1
gnu	gdb	6.2
gnu	gdb	6.2.1
gnu	gdb	6.3
gnu	gdb	6.4
gnu	gdb	6.5
gnu	gdb	6.6
gnu	gdb	6.7
gnu	gdb	6.7.1
gnu	gdb	6.8
gnu	gdb	7.0
gnu	gdb	7.0.1
gnu	gdb	7.1
gnu	gdb	7.2
gnu	gdb	7.3
gnu	gdb	7.3.1
gnu	gdb	7.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00292181-9124-4455-8D89-4DA98B18D55F",
              "versionEndIncluding": "7.4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:4.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DFDC526-7E5F-4A20-8E57-B66F1D38DE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16D34C25-D05C-451C-88E2-24F81FCAC422",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "E446F5DE-2CE0-4BCB-90E2-7784C1B7FF87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA539B4-EECD-4ACA-A6A0-CC2F227327F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFDA6059-74D7-42F8-9050-4FE799BC5493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1FF5DD-EA08-42BE-B15F-77471A789E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "79450E0C-9A5E-4B7B-A3C0-62EB53F88402",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B398336-87F4-4230-AECF-B171F1D35B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EC829F2-A2EA-4D9F-9C1C-CA601A6B913C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "476AE5E9-497C-487F-BF1B-D6A71E768E82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EFF01B6-4DBE-4E1E-A3DD-761D255B6457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "96463304-7618-4DC4-BC7F-20C8BB867115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D90AB7BE-2537-4E43-B156-BDCD637A7CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3D4325-5DCA-4C46-974E-888028ABCC64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECA9331-7A36-42A0-AEE9-E7C2E8180AA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5C0145F-191A-483A-A3F0-6E6935F04B32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AF78BF4-DAE9-4BA2-8146-0DAABEBFB9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "62785B32-8CEA-45D1-88B8-F43C55B9FE00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EB885C-5FAE-4F70-90EC-5851EEDADB24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B764BB01-D369-4380-AAF3-10CDD25CE28D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "C56500AB-7F96-4708-8C17-11CDF97770D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D9CAAB-5BFD-4E2B-88A0-3101E7A9696A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E9E8E80-C8E7-41B7-94B0-EE4D7926193B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB6DB5FA-DD3D-4C0D-BA11-EF7DF9E18702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E10B8AA-22C9-48AC-89F6-A68ADB51F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C4BFA4-642F-48FB-8EA1-533C3A2F5322",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD613C2F-98F9-4C0D-98E8-B04E0437B248",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gdb:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3AB084-7C89-44CA-9B56-BA061430DF3E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts."
    },
    {
      "lang": "es",
      "value": "GNU Project Debugger (GDB) anterior a v7.5, cuando se define  .debug_gdb_scripts, carga autom\u00e1ticamente ciertos archivos en el directorio de trabajo actual, permitiendo a usuarios locales obtener privilegios a trav\u00e9s de ficheros elaborados, tales como scripts en Python."
    }
  ],
  "id": "CVE-2011-4355",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-03-05T21:38:53.887",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0522.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup\u0026cvsroot=src"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1028191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0522.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup\u0026cvsroot=src"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1028191"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2011-4355 (GCVE-0-2011-4355)

Vulnerability from cvelistv5

Published

2013-03-04 21:00