CVE-2011-4355
GDB < 7.5 - Privilege Escalation via .debug_gdb_scripts Auto-Loading
GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts.
References (5)
Core References
Vendor Advisory [vendor-advisory, x_refsource_redhat]: http://rhn.redhat.com/errata/RHSA-2013-0522.html
Patch [mailing-list, x_refsource_mlist]: http://sourceware.org/ml/gdb-patches/2011-04/msg00559.html
Patch [mailing-list, x_refsource_mlist]: http://sourceware.org/ml/gdb-patches/2011-05/msg00202.html
Patch [x_refsource_confirm]: http://sourceware.org/cgi-bin/cvsweb.cgi/~checkout~/src/gdb/NEWS?content-type=text/x-cvsweb-markup&cvsroot=src
Third Party Advisory, VDB Entry [vdb-entry, x_refsource_sectrack]: http://www.securitytracker.com/id/1028191
Scores
EPSS: 0.0016
EPSS Percentile: 36.8%
Details
CWE: CWE-264
Status: published
Products (29)
gnu/gdb 4.18
gnu/gdb 5.0
gnu/gdb 5.0.92
gnu/gdb 5.0.93
gnu/gdb 5.1
gnu/gdb 5.1.1
gnu/gdb 5.2
gnu/gdb 5.2.1
gnu/gdb 5.3
gnu/gdb 6.0
... and 19 more
Published: Mar 05, 2013
Tracked Since: Feb 18, 2026