CVE-2011-4355

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
http://rhn.redhat.com/errata/RHSA-2013-0522.html
http://www.securitytracker.com/id/1028191

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gnu:gdb:6.1:::::::*
	cpe:2.3:a:gnu:gdb:6.1.1:::::::*
	cpe:2.3:a:gnu:gdb:5.2.1:::::::*
	cpe:2.3:a:gnu:gdb:6.3:::::::*
	cpe:2.3:a:gnu:gdb:5.1.1:::::::*
	cpe:2.3:a:gnu:gdb:6.7.1:::::::*
	cpe:2.3:a:gnu:gdb:6.2:::::::*
	cpe:2.3:a:gnu:gdb:5.2:::::::*
	cpe:2.3:a:gnu:gdb:4.18:::::::*
	cpe:2.3:a:gnu:gdb:5.1:::::::*
	cpe:2.3:a:gnu:gdb:7.3.1:::::::*
	cpe:2.3:a:gnu:gdb:5.0:::::::*
	cpe:2.3:a:gnu:gdb:7.2:::::::*
	cpe:2.3:a:gnu:gdb:5.0.92:::::::*
	cpe:2.3:a:gnu:gdb:6.5:::::::*
	cpe:2.3:a:gnu:gdb:6.4:::::::*
	cpe:2.3:a:gnu:gdb:7.4:::::::*
	cpe:2.3:a:gnu:gdb:7.0:::::::*
	cpe:2.3:a:gnu:gdb:6.8:::::::*
	cpe:2.3:a:gnu:gdb:7.3:::::::*
	cpe:2.3:a:gnu:gdb:6.2.1:::::::*
	cpe:2.3:a:gnu:gdb:6.6:::::::*
	cpe:2.3:a:gnu:gdb:7.0.1:::::::*
	cpe:2.3:a:gnu:gdb:7.1:::::::*
	cpe:2.3:a:gnu:gdb:5.0.93:::::::*
	cpe:2.3:a:gnu:gdb:6.7:::::::*
	cpe:2.3:a:gnu:gdb:5.3:::::::*
	cpe:2.3:a:gnu:gdb:6.0:::::::*
	cpe:2.3:a:gnu:gdb::::::::

Information

Published : 2013-03-05 13:38

Updated : 2023-02-12 16:21

NVD link : CVE-2011-4355

Mitre link : CVE-2011-4355

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

gnu

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html", "name": "[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", "tags": [], "refsource": "MLIST"}, {"url": "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", "name": "http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src", "tags": [], "refsource": "CONFIRM"}, {"url": "http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html", "name": "[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path.", "tags": [], "refsource": "MLIST"}, {"url": "http://rhn.redhat.com/errata/RHSA-2013-0522.html", "name": "RHSA-2013:0522", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.securitytracker.com/id/1028191", "name": "1028191", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-4355", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-03-05T21:38Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:4.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.0.92:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.0.93:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:5.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "7.4.1"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T00:21Z"}

6.9 /10