what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice 135-1

Ubuntu Security Notice 135-1
Posted Aug 14, 2005
Authored by Ubuntu | Site ubuntu.com

Ubuntu Security Notice USN-135-1 - Tavis Ormandy found an integer overflow in the GNU debugger. By tricking an user into merely load a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low.

tags | advisory, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2005-1704, CVE-2005-1705
SHA-256 | 7c5648a058e7e4ca8c24ec362c6206594c7b7ce477081ef5cb8e23dfe0b87b5b

Ubuntu Security Notice 135-1

Change Mirror Download
===========================================================
Ubuntu Security Notice USN-135-1 May 27, 2005
gdb vulnerabilities
CAN-2005-1704, CAN-2005-1705
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gdb

The problem can be corrected by upgrading the affected package to
version 6.1-3ubuntu0.1 (for Ubuntu 4.10), or 6.3-5ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the GNU debugger. By
tricking an user into merely load a specially crafted executable, an
attacker could exploit this to execute arbitrary code with the
privileges of the user running gdb. However, loading untrusted
binaries without actually executing them is rather uncommon, so the
risk of this flaw is low. (CAN-2005-1704)

Tavis Ormandy also discovered that gdb loads and executes the file
".gdbinit" in the current directory even if the file belongs to a
different user. By tricking an user into run gdb in a directory with a
malicious .gdbinit file, a local attacker could exploit this to run
arbitrary commands with the privileges of the user invoking gdb.
(CAN-2005-1705)


Updated packages for Ubuntu 4.10 (Warty Warthog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.diff.gz
Size/MD5: 121937 5ecb8a37380fb8f96773527bc5b386bc
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.dsc
Size/MD5: 782 68c9d10a3ee6274d001c49d5233b88ca
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1.orig.tar.gz
Size/MD5: 16693869 f707d21f5a3e963ce059caed75e899a2

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_amd64.deb
Size/MD5: 2737380 bb0de70cfc7b7aa814e2860124c91c6d

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_i386.deb
Size/MD5: 2403326 492f0103c85a726ba748788bf097592c

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_powerpc.deb
Size/MD5: 3747906 88f4da50a99596f5723c9acb596026f6

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.diff.gz
Size/MD5: 152409 15724d0389095cd77749d9d323600e87
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.dsc
Size/MD5: 837 cee3bc5743823b718199294ce4c22588
http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3.orig.tar.gz
Size/MD5: 17374476 812de9e756d53c749ea5516d9ffa5905

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_amd64.deb
Size/MD5: 2951872 0da1a71bd8ed90219fb3ce88823e178a

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_i386.deb
Size/MD5: 2648228 1bd3001a609d0122b45c018b64150498

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_powerpc.deb
Size/MD5: 4046246 6769a82f244d229077bb9ed6b1667cf4
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close