Test ID:	1.3.6.1.4.1.25623.1.0.52980
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:095 (gdb)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gdb announced via advisory MDKSA-2005:095. Tavis Ormandy of the Gentoo Linux Security Audit Team discovered two vulnerabilites in the GNU debugger. The first allows an attacker to execute arbitrary code with the privileges of the user running gdb if they can trick the user into loading a specially crafted executable (CVE-2005-1704). He also discovered that gdb loads and executes the file .gdbinit in the current directory even if the file belongs to a different user. If a user can be tricked into running gdb in a directory with a malicious .gdbinit file, a local attacker can exploit this to run arbitrary commands with the privileges of the user running gdb (CVE-2005-1705). The updated packages have been patched to correct these problems. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:095 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1704 BugTraq ID: 13697 http://www.securityfocus.com/bid/13697 Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search) http://www.securityfocus.com/archive/1/464745/100/0/threaded Conectiva Linux advisory: CLA-2006:1060 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060 http://security.gentoo.org/glsa/glsa-200505-15.xml http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:095 http://www.mandriva.com/security/advisories?name=MDKSA-2005:215 http://www.osvdb.org/16757 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071 http://www.redhat.com/support/errata/RHSA-2005-659.html http://www.redhat.com/support/errata/RHSA-2005-673.html http://www.redhat.com/support/errata/RHSA-2005-709.html http://www.redhat.com/support/errata/RHSA-2005-763.html http://www.redhat.com/support/errata/RHSA-2005-801.html http://www.redhat.com/support/errata/RHSA-2006-0354.html http://www.redhat.com/support/errata/RHSA-2006-0368.html http://securitytracker.com/id?1016544 http://secunia.com/advisories/15527 http://secunia.com/advisories/17001 http://secunia.com/advisories/17072 http://secunia.com/advisories/17135 http://secunia.com/advisories/17257 http://secunia.com/advisories/17356 http://secunia.com/advisories/17718 http://secunia.com/advisories/18506 http://secunia.com/advisories/21122 http://secunia.com/advisories/21262 http://secunia.com/advisories/21717 http://secunia.com/advisories/24788 SGI Security Advisory: 20060703-01-P ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc http://www.trustix.org/errata/2005/0025/ https://usn.ubuntu.com/136-1/ http://www.vupen.com/english/advisories/2007/1267 Common Vulnerability Exposure (CVE) ID: CVE-2005-1705 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.