CVE-2005-1704
Summary
| CVE | CVE-2005-1704 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-05-24 04:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. |
Risk And Classification
CVSS v2.0 Breakdown
| Metric | Value |
|---|---|
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality | Partial |
| Integrity | Partial |
| Availability | Partial |
| Vector | AV:L/AC:L/Au:N/C:P/I:P/A:P |
NVD Known Affected Configurations (CPE 2.3)
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| ASA-2006-178 (RHSA-2006-0368) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | |
| Secunia - Advisories - Red Hat update for gdb | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| rhn.redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| ASA-2006-015 (RHSA-2005-801) | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | |
| Red Hat update for elfutils - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - GNU Project Debugger (GDB) Integer Overflow in Binary File Descriptor Library May Permit Code Execution | af854a3a-2127-422b-91ae-364da2661108 | securitytracker.com | |
| Gentoo Linux Documentation -- Binutils, elfutils: Buffer overflow | af854a3a-2127-422b-91ae-364da2661108 | www.gentoo.org | |
| GDB Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| VMware ESX Server Multiple Vulnerabilities - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Download Patch ESX-55052 for VMware ESX Server 3.0.0 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| rhn.redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| Gentoo Linux Documentation -- gdb: Multiple vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Vendor Advisory |
| Secunia - Advisories - Ubuntu update for binutils/binutils-multiarch | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| USN-136-1: binutils vulnerability \| Ubuntu security notices | af854a3a-2127-422b-91ae-364da2661108 | usn.ubuntu.com | |
| Secunia - Advisories - Avaya Products BFD Integer Overflow Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Advisories - Mandriva | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Secunia - Advisories - Fedora update for gdb | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Webmail - OVH | af854a3a-2127-422b-91ae-364da2661108 | www.vupen.com | Vendor Advisory |
| Secunia - Advisories - Mandriva update for binutils | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| www.trustix.org/errata/2005/0025 | af854a3a-2127-422b-91ae-364da2661108 | www.trustix.org | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | |
| Secunia - Advisories - Red Hat update for binutils | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Gentoo Bug 91398 - sys-devel/binutils: heap overflow | af854a3a-2127-422b-91ae-364da2661108 | bugs.gentoo.org | |
| patches.sgi.com/support/free/security/advisories/20060703-01-U.asc | af854a3a-2127-422b-91ae-364da2661108 | patches.sgi.com | |
| Avaya Products elfutils Vulnerability - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| www.osvdb.org/16757 | af854a3a-2127-422b-91ae-364da2661108 | www.osvdb.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| rhn.redhat.com \| Red Hat Support | af854a3a-2127-422b-91ae-364da2661108 | www.redhat.com | Vendor Advisory |
| Home - Conectiva | af854a3a-2127-422b-91ae-364da2661108 | distro.conectiva.com.br | |
| support.avaya.com/elmodocs2/security/ASA-2005-222.pdf | af854a3a-2127-422b-91ae-364da2661108 | support.avaya.com | |
| Advisories - Mandriva Linux | af854a3a-2127-422b-91ae-364da2661108 | www.mandriva.com | |
| Secunia - Advisories - Avaya gdb Integer Overflow and Insecure Initialisation File Handling | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| Secunia - Advisories - SGI Advanced Linux Environment Multiple Updates | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| SecurityFocus | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-03-14 | Mark J Cox | Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. |
There are currently no legacy QID mappings associated with this CVE.