CVE-2005-1704

Summary

CVE	CVE-2005-1704
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2005-05-24 04:00:00 UTC
Updated	2018-10-19 15:31:00 UTC
Description	Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

Risk And Classification

Problem Types: CWE-189

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Gdb	All	r2	All	All

References

Reference	Source	Link	Tags
Repository / Oval Repository	OVAL	oval.cisecurity.org
Secunia - Advisories - Red Hat update for binutils	SECUNIA	secunia.com	Vendor Advisory
SecurityFocus	BUGTRAQ	www.securityfocus.com
Gentoo Bug 91398 - sys-devel/binutils: heap overflow	CONFIRM	bugs.gentoo.org
Download Patch ESX-55052 for VMware ESX Server 3.0.0	CONFIRM	www.vmware.com
Gentoo Linux Documentation -- Binutils, elfutils: Buffer overflow	GENTOO	www.gentoo.org
Secunia - Advisories - Fedora update for gdb	SECUNIA	secunia.com	Vendor Advisory
ASA-2006-178 (RHSA-2006-0368)	CONFIRM	support.avaya.com
Secunia - Advisories - SGI Advanced Linux Environment Multiple Updates	SECUNIA	secunia.com	Vendor Advisory
ASA-2006-015 (RHSA-2005-801)	CONFIRM	support.avaya.com
Secunia - Advisories - Mandriva update for binutils	SECUNIA	secunia.com	Vendor Advisory
SecurityTracker.com Archives - GNU Project Debugger (GDB) Integer Overflow in Binary File Descriptor Library May Permit Code Execution	SECTRACK	securitytracker.com
USN-136-1: binutils vulnerability \| Ubuntu security notices	UBUNTU	usn.ubuntu.com
Support	REDHAT	www.redhat.com	Vendor Advisory
2005-0025	TRUSTIX	www.trustix.org
Home - Conectiva	CONECTIVA	distro.conectiva.com.br
Gentoo Linux Documentation -- gdb: Multiple vulnerabilities	GENTOO	security.gentoo.org	Vendor Advisory
GDB Multiple Vulnerabilities	BID	www.securityfocus.com
Secunia - Advisories - Avaya gdb Integer Overflow and Insecure Initialisation File Handling	SECUNIA	secunia.com
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
Support	REDHAT	www.redhat.com	Vendor Advisory
Advisories - Mandriva Linux	MANDRAKE	www.mandriva.com
support.avaya.com/elmodocs2/security/ASA-2005-222.pdf	CONFIRM	support.avaya.com
SGI Advanced Linux Environment Multiple Updates - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
20060703-01-P	SGI	patches.sgi.com
Avaya Products elfutils Vulnerability - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
Advisories - Mandriva	MANDRAKE	www.mandriva.com
Red Hat update for elfutils - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
Secunia - Advisories - Red Hat update for gdb	SECUNIA	secunia.com	Vendor Advisory
VMware ESX Server Multiple Vulnerabilities - Advisories - Secunia	SECUNIA	secunia.com	Vendor Advisory
rhn.redhat.com \| Red Hat Support	REDHAT	www.redhat.com	Vendor Advisory
Support	REDHAT	www.redhat.com
16757	OSVDB	www.osvdb.org
Secunia - Advisories - Avaya Products BFD Integer Overflow Vulnerability	SECUNIA	secunia.com	Vendor Advisory
Secunia - Advisories - Ubuntu update for binutils/binutils-multiarch	SECUNIA	secunia.com	Vendor Advisory
Support	REDHAT	www.redhat.com
Webmail - OVH	VUPEN	www.vupen.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Organization	Published	Contributor	Statement
Red Hat	2007-03-14	Mark J Cox	Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.

There are currently no legacy QID mappings associated with this CVE.