gdb prior to 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
Tavis Ormandy found an integer overflow in the GNU debugger. By
tricking a user into merely loading a specially crafted executable, an
attacker could exploit this to execute arbitrary code with the
privileges of the user running gdb. However, loading untrusted
binaries without actually executing them is rather uncommon, so the
risk of this flaw is lo ...
Synopsis
gdb security update
Type/Severity
Security Advisory: Low
Topic
An updated gdb package that fixes minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
Description
GDB, the GNU debugger, allows debugging ...
Synopsis
gdb security update
Type/Severity
Security Advisory: Low
Topic
An updated gdb package that fixes several bugs and minor security issues is now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
Description
GDB, the GNU debugger, ...