Vulnerability Description
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
CVSS Score
7.2
HIGH
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Gdb | <= 6.3 |
References
- http://bugs.gentoo.org/show_bug.cgi?id=88398
- http://secunia.com/advisories/17072PatchVendor Advisory
- http://secunia.com/advisories/17356
- http://secunia.com/advisories/18506
- http://security.gentoo.org/glsa/glsa-200505-15.xmlVendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:095PatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-709.htmlPatchVendor Advisory
- http://www.redhat.com/support/errata/RHSA-2005-801.htmlPatchVendor Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://bugs.gentoo.org/show_bug.cgi?id=88398
- http://secunia.com/advisories/17072PatchVendor Advisory
- http://secunia.com/advisories/17356
- http://secunia.com/advisories/18506
- http://security.gentoo.org/glsa/glsa-200505-15.xmlVendor Advisory
FAQ
What is CVE-2005-1705?
CVE-2005-1705 is a vulnerability with a CVSS score of 7.2 (HIGH). gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
How severe is CVE-2005-1705?
CVE-2005-1705 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1705?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Gdb.