Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-159)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.120239

Categoría: Amazon Linux Local Security Checks

Título: Amazon Linux: Security Advisory (ALAS-2013-159)

Resumen: The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.

Descripción: Summary:
The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.

Vulnerability Insight:
GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information.

Affected Software/OS:
'gdb' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-4355
1028191
http://www.securitytracker.com/id/1028191
RHSA-2013:0522
http://rhn.redhat.com/errata/RHSA-2013-0522.html
[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path.
http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path.
http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.120239
Categoría:	Amazon Linux Local Security Checks
Título:	Amazon Linux: Security Advisory (ALAS-2013-159)
Resumen:	The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.
Descripción:	Summary: The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory. Vulnerability Insight: GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355) With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information. Affected Software/OS: 'gdb' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4355 1028191 http://www.securitytracker.com/id/1028191 RHSA-2013:0522 http://rhn.redhat.com/errata/RHSA-2013-0522.html [gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html [gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
Copyright	Copyright (C) 2015 Greenbone AG