The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of GNU gdb: code execution via .debug_gdb_scripts

Synthesis of the vulnerability 

When the victim debugs a program coming from an untrusted source with GNU gdb, this program can contain a ".debug_gdb_scripts" section indicating scripts to execute.
Impacted software: Fedora, RHEL, Unix (platform) ~ not comprehensive.
Severity of this computer vulnerability: 1/4.
Creation date: 29/11/2011.
References for this announcement: BID-50829, CVE-2011-4355, FEDORA-2012-6614, RHSA-2013:0522-02, VIGILANCE-VUL-11182.

Description of the vulnerability 

The GNU gdb tool is used to debug a program. It can for example run a program coming from an untrusted source in step-by-step mode, in order to check if the program contains Trojan code.

An ELF program can contain a ".debug_gdb_scripts" section which indicates the name of scripts to call when the program is loaded. These Python scripts can for example be used to display complex structures ("pretty printers").

However, an untrusted program can be provided with associated scripts. When the program is opened in gdb, these scripts can be run without the user's approval.

When the victim debugs a program coming from an untrusted source with GNU gdb, this program can therefore contain a ".debug_gdb_scripts" section indicating scripts to execute.

This weakness note impacts software or systems such as Fedora, RHEL, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this threat note is low.

The trust level is "confirmed by the editor", and the origin is a document.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with specialist skills can exploit this computer weakness.

Solutions for this threat 

GNU gdb: workaround for .debug_gdb_scripts.
When a program coming from an untrusted source is debugged with gdb, scripts which are provided with this program should be moved/renamed/deleted.
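To apply this workaround, the scripts named by the program have to be identified first. The following Python code is an added example, not part of the original bulletin or of gdb: it lists the script names that an ELF64 little-endian file declares in ".debug_gdb_scripts" without loading the file in a debugger. It assumes each entry is one type byte followed by a NUL-terminated name; gdb_script_names and build_sample are hypothetical helper names, and the sample ELF is constructed.

```python
import struct

SECTION = b".debug_gdb_scripts"

def gdb_script_names(elf: bytes) -> list:
    """Return the script names listed in .debug_gdb_scripts (ELF64 LE only)."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    (e_shoff,) = struct.unpack_from("<Q", elf, 0x28)
    e_shentsize, e_shnum, e_shstrndx = struct.unpack_from("<HHH", elf, 0x3A)

    def shdr(i):
        # Elf64_Shdr: sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size
        name, _, _, _, off, size = struct.unpack_from(
            "<IIQQQQ", elf, e_shoff + i * e_shentsize)
        return name, off, size

    _, str_off, str_size = shdr(e_shstrndx)
    strtab = elf[str_off:str_off + str_size]
    for i in range(e_shnum):
        name, off, size = shdr(i)
        if strtab[name:].split(b"\0", 1)[0] == SECTION:
            entries = elf[off:off + size].split(b"\0")
            # Assumed layout: skip the leading type byte of each entry.
            return [e[1:].decode("utf-8", "replace") for e in entries if len(e) > 1]
    return []  # section absent: nothing for gdb to auto-load from it

def build_sample() -> bytes:
    """Constructed ELF64 holding only .shstrtab and .debug_gdb_scripts."""
    strtab = b"\0.shstrtab\0" + SECTION + b"\0"
    scripts = b"\x01sample-gdb.py\0"          # constructed script name
    data_off = 64                              # data follows the ELF header
    shoff = data_off + len(strtab) + len(scripts)
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9)    # e_ident: ELF64, LE, version 1
    hdr += struct.pack("<HHIQQQIHHHHHH", 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 1)

    def sh(name, typ, off, size):
        return struct.pack("<IIQQQQIIQQ", name, typ, 0, 0, off, size, 0, 0, 1, 0)

    shdrs = (bytes(64)                                   # null section header
             + sh(1, 3, data_off, len(strtab))           # .shstrtab (SHT_STRTAB)
             + sh(11, 1, data_off + len(strtab), len(scripts)))  # SHT_PROGBITS
    return hdr + strtab + scripts + shdrs

if __name__ == "__main__":
    print(gdb_script_names(build_sample()))
```
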

Fedora 16: new gdb packages.
New packages are available:
  gdb-7.3.50.20110722-16.fc16

RHEL 6: new gdb packages.
New packages are available:
  gdb-7.2-60.el6
