Vulnerability Details : CVE-2011-4355
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
Exploit prediction scoring system (EPSS) score for CVE-2011-4355
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2011-4355
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2011-4355
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4355
-
http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
Tom Tromey - Re: [RFA] Add $pdir as entry for libthread-db-search-path.
-
http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
ViewVC Repository Listing
-
http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
Doug Evans - Re: [RFA] Add $pdir as entry for libthread-db-search-path.
-
http://rhn.redhat.com/errata/RHSA-2013-0522.html
RHSA-2013:0522 - Security Advisory - Red Hat Customer Portal
-
http://www.securitytracker.com/id/1028191
GNU Project Debugger (GDB) Untrusted File Loading Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker
Products affected by CVE-2011-4355
- cpe:2.3:a:gnu:gdb:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.0.93:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.0.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:4.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:gdb:5.1.1:*:*:*:*:*:*:*