Local File Inclusion Vulnerability in GNU Project Debugger GDB by Red Hat
CVE-2011-4355

Currently unrated

Key Information:

Vendor: Gnu
Status: Gdb
Vendor: CVE Published:; 5 March 2013

Summary

The GNU Project Debugger (GDB) prior to version 7.5 is susceptible to a local file inclusion vulnerability. This vulnerability arises when the .debug_gdb_scripts is defined, allowing the debugger to automatically load certain specified files from the current working directory. Local users can exploit this flaw to gain elevated privileges through the use of maliciously crafted files, such as specially designed Python scripts, thereby compromising the security of the system.

References

http://rhn.redhat.com/errata/RHSA-2013-0522.html

vendor-advisoryx_refsource_REDHAT

http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html

mailing-listx_refsource_MLIST

http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Mar 5, 2013
Vulnerability Reserved
Nov 4, 2011