Vulnerability CVE-2005-1704

Vulnerability Name:

CVE-2005-1704 (CCN-20700)

Assigned:

2005-05-24

Published:

2005-05-24

Updated:

2018-10-19

Summary:

Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-189

Vulnerability Consequences:

Gain Access

References:

Source: SGI
Type: UNKNOWN
20060703-01-P

Source: CCN
Type: BugTraq Mailing List, Wed Apr 04 2007 - 15:20:26 CDT
VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: CONFIRM
Type: UNKNOWN
http://bugs.gentoo.org/show_bug.cgi?id=91398

Source: MITRE
Type: CNA
CVE-2005-1704

Source: CONECTIVA
Type: UNKNOWN
CLA-2006:1060

Source: CCN
Type: RHSA-2005-659
binutils security update

Source: CCN
Type: RHSA-2005-673
binutils security update

Source: CCN
Type: RHSA-2005-709
gdb security update

Source: CCN
Type: RHSA-2005-763
binutils security update

Source: CCN
Type: RHSA-2005-801
gdb security update

Source: CCN
Type: RHSA-2006-0354
elfutils security update

Source: CCN
Type: RHSA-2006-0368
elfutils security update

Source: SECUNIA
Type: Vendor Advisory
15527

Source: SECUNIA
Type: Vendor Advisory
17001

Source: SECUNIA
Type: Vendor Advisory
17072

Source: SECUNIA
Type: Vendor Advisory
17135

Source: CCN
Type: SA17257
Avaya Products BFD Integer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
17257

Source: SECUNIA
Type: Vendor Advisory
17356

Source: SECUNIA
Type: Vendor Advisory
17718

Source: CCN
Type: SA18506
Avaya gdb Integer Overflow and Insecure Initialisation File Handling

Source: SECUNIA
Type: UNKNOWN
18506

Source: SECUNIA
Type: Vendor Advisory
21122

Source: SECUNIA
Type: Vendor Advisory
21262

Source: CCN
Type: SA21717
Avaya Products elfutils Vulnerability

Source: SECUNIA
Type: Vendor Advisory
21717

Source: CCN
Type: SA24788
VMware ESX Server Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
24788

Source: GENTOO
Type: Vendor Advisory
GLSA-200505-15

Source: CCN
Type: SECTRACK ID: 1016544
GNU Project Debugger (GDB) Integer Overflow in Binary File Descriptor Library May Permit Code Execution

Source: SECTRACK
Type: UNKNOWN
1016544

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm

Source: CCN
Type: ASA-2006-015
gdb security update (RHSA-2005-801)

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm

Source: CCN
Type: ASA-2006-178
elfutils security update (RHSA-2006-0368)

Source: CCN
Type: ASA-2006-210
elfutils security update (RHSA-2006-0354)

Source: CCN
Type: GLSA-200505-15
gdb: Multiple vulnerabilities

Source: CCN
Type: GLSA-200506-01
Binutils, elfutils: Buffer overflow

Source: GENTOO
Type: UNKNOWN
GLSA-200506-01

Source: CCN
Type: GDB: The GNU Project Debugger Web page
GDB: The GNU Project Debugger

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:095

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:215

Source: OSVDB
Type: UNKNOWN
16757

Source: CCN
Type: OSVDB ID: 16757
GDB BFD Library Local Overflow

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:659

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:673

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:709

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:763

Source: REDHAT
Type: Vendor Advisory
RHSA-2005:801

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0354

Source: REDHAT
Type: UNKNOWN
RHSA-2006:0368

Source: BUGTRAQ
Type: UNKNOWN
20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates

Source: BID
Type: UNKNOWN
13697

Source: CCN
Type: BID-13697
GDB Multiple Vulnerabilities

Source: TRUSTIX
Type: UNKNOWN
2005-0025

Source: CCN
Type: TLSA-2005-68
Two vulnerabilities discovered in gdb

Source: CCN
Type: USN-135-1
gdb vulnerabilities

Source: CCN
Type: USN-136-1
binutils vulnerability

Source: CCN
Type: USN-136-2
Fixed packages for USN-136-1

Source: CONFIRM
Type: UNKNOWN
http://www.vmware.com/support/vi3/doc/esx-55052-patch.html

Source: VUPEN
Type: Vendor Advisory
ADV-2007-1267

Source: XF
Type: UNKNOWN
gdb-bfd-bo(20700)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9071

Source: UBUNTU
Type: UNKNOWN
USN-136-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:gdb:*:r2:*:*:*:*:*:* (Version <= 6.3)

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:gdb:-:*:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:turbolinux:turbolinux:*:*:home:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:9071	V	Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.	2013-04-29
oval:com.redhat.rhsa:def:20060368	P	RHSA-2006:0368: elfutils security update (Low)	2008-03-20
oval:com.redhat.rhsa:def:20060354	P	RHSA-2006:0354: elfutils security update (Low)	2006-08-10
oval:com.redhat.rhsa:def:20050673	P	RHSA-2005:673: binutils security update (Low)	2005-10-05
oval:com.redhat.rhsa:def:20050709	P	RHSA-2005:709: gdb security update (Low)	2005-10-05
oval:com.redhat.rhsa:def:20050659	P	RHSA-2005:659: binutils security update (Low)	2005-09-28

BACK