Test ID:	1.3.6.1.4.1.25623.1.0.120239
Category:	Amazon Linux Local Security Checks
Title:	Amazon Linux: Security Advisory (ALAS-2013-159)
Summary:	The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.
Description:	Summary: The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory. Vulnerability Insight: GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355) With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information. Affected Software/OS: 'gdb' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4355 1028191 http://www.securitytracker.com/id/1028191 RHSA-2013:0522 http://rhn.redhat.com/errata/RHSA-2013-0522.html [gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html [gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.