Upstream information

CVE-2011-4355 at MITRE

Description

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.

SUSE information

Overall state of this security issue: Ignore

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)

Base Score: 6.9
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Vector: Local
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Note from the SUSE Security Team

The problem affects SUSE Linux Enterprise, but a usage scenario where an administrator runs gdb in untrusted, attacker-controlled directories is very unlikely.

SUSE Bugzilla entry: 733300 [RESOLVED / WONTFIX]

No SUSE Security Announcements cross-referenced.