CVE-2011-4355

Summary

CVE	CVE-2011-4355
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2013-03-05 21:38:00 UTC
Updated	2023-02-13 00:21:00 UTC
Description	GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

Risk And Classification

Problem Types: CWE-264

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Gnu	Gdb	4.18	All	All	All
Application	Gnu	Gdb	5.0	All	All	All
Application	Gnu	Gdb	5.0.92	All	All	All
Application	Gnu	Gdb	5.0.93	All	All	All
Application	Gnu	Gdb	5.1	All	All	All
Application	Gnu	Gdb	5.1.1	All	All	All
Application	Gnu	Gdb	5.2	All	All	All
Application	Gnu	Gdb	5.2.1	All	All	All
Application	Gnu	Gdb	5.3	All	All	All
Application	Gnu	Gdb	6.0	All	All	All
Application	Gnu	Gdb	6.1	All	All	All
Application	Gnu	Gdb	6.1.1	All	All	All
Application	Gnu	Gdb	6.2	All	All	All
Application	Gnu	Gdb	6.2.1	All	All	All
Application	Gnu	Gdb	6.3	All	All	All
Application	Gnu	Gdb	6.4	All	All	All
Application	Gnu	Gdb	6.5	All	All	All
Application	Gnu	Gdb	6.6	All	All	All
Application	Gnu	Gdb	6.7	All	All	All
Application	Gnu	Gdb	6.7.1	All	All	All
Application	Gnu	Gdb	6.8	All	All	All
Application	Gnu	Gdb	7.0	All	All	All
Application	Gnu	Gdb	7.0.1	All	All	All
Application	Gnu	Gdb	7.1	All	All	All
Application	Gnu	Gdb	7.2	All	All	All
Application	Gnu	Gdb	7.3	All	All	All
Application	Gnu	Gdb	7.3.1	All	All	All
Application	Gnu	Gdb	7.4	All	All	All
Application	Gnu	Gdb	4.18	All	All	All
Application	Gnu	Gdb	5.0	All	All	All
Application	Gnu	Gdb	5.0.92	All	All	All
Application	Gnu	Gdb	5.0.93	All	All	All
Application	Gnu	Gdb	5.1	All	All	All
Application	Gnu	Gdb	5.1.1	All	All	All
Application	Gnu	Gdb	5.2	All	All	All
Application	Gnu	Gdb	5.2.1	All	All	All
Application	Gnu	Gdb	5.3	All	All	All
Application	Gnu	Gdb	6.0	All	All	All
Application	Gnu	Gdb	6.1	All	All	All
Application	Gnu	Gdb	6.1.1	All	All	All
Application	Gnu	Gdb	6.2	All	All	All
Application	Gnu	Gdb	6.2.1	All	All	All
Application	Gnu	Gdb	6.3	All	All	All
Application	Gnu	Gdb	6.4	All	All	All
Application	Gnu	Gdb	6.5	All	All	All
Application	Gnu	Gdb	6.6	All	All	All
Application	Gnu	Gdb	6.7	All	All	All
Application	Gnu	Gdb	6.7.1	All	All	All
Application	Gnu	Gdb	6.8	All	All	All
Application	Gnu	Gdb	7.0	All	All	All
Application	Gnu	Gdb	7.0.1	All	All	All
Application	Gnu	Gdb	7.1	All	All	All
Application	Gnu	Gdb	7.2	All	All	All
Application	Gnu	Gdb	7.3	All	All	All
Application	Gnu	Gdb	7.3.1	All	All	All
Application	Gnu	Gdb	7.4	All	All	All
Application	Gnu	Gdb	All	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	MISC	access.redhat.com
Red Hat Customer Portal	REDHAT	rhn.redhat.com
GNU Project Debugger (GDB) Untrusted File Loading Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com
Bug 703238 – CVE-2011-4355 gdb: object file .debug_gdb_scripts section improper input validation	MISC	bugzilla.redhat.com
Doug Evans - Re: [RFA] Add $pdir as entry for libthread-db-search-path.	MLIST	sourceware.org
Tom Tromey - Re: [RFA] Add $pdir as entry for libthread-db-search-path.	MLIST	sourceware.org
ViewVC Repository Listing	CONFIRM	sourceware.org
CVE-2011-4355 - Red Hat Customer Portal	MISC	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.