Amazon Linux Local Security Checks : Amazon Linux: Security Advisory (ALAS-2013-159)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.120239

Kategorie: Amazon Linux Local Security Checks

Titel: Amazon Linux: Security Advisory (ALAS-2013-159)

Zusammenfassung: The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.

Vulnerability Insight:
GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355)

With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information.

Affected Software/OS:
'gdb' package(s) on Amazon Linux.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2011-4355
1028191
http://www.securitytracker.com/id/1028191
RHSA-2013:0522
http://rhn.redhat.com/errata/RHSA-2013-0522.html
[gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path.
http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
[gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path.
http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src

Copyright Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.120239
Kategorie:	Amazon Linux Local Security Checks
Titel:	Amazon Linux: Security Advisory (ALAS-2013-159)
Zusammenfassung:	The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'gdb' package(s) announced via the ALAS-2013-159 advisory. Vulnerability Insight: GDB tried to auto-load certain files (such as GDB scripts, Python scripts, and a thread debugging library) from the current working directory when debugging programs. This could result in the execution of arbitrary code with the user's privileges when GDB was run in a directory that has untrusted content. (CVE-2011-4355) With this update, GDB no longer auto-loads files from the current directory and only trusts certain system directories by default. The list of trusted directories can be viewed and modified using the 'show auto-load safe-path' and 'set auto-load safe-path' GDB commands. Refer to the GDB manual, linked to in the References, for further information. Affected Software/OS: 'gdb' package(s) on Amazon Linux. Solution: Please install the updated package(s). CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2011-4355 1028191 http://www.securitytracker.com/id/1028191 RHSA-2013:0522 http://rhn.redhat.com/errata/RHSA-2013-0522.html [gdb-patches] 20110429 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html [gdb-patches] 20110506 Re: [RFA] Add $pdir as entry for libthread-db-search-path. http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
Copyright	Copyright (C) 2015 Greenbone AG