Integer overflow in the BFD library for gdb before 6.3 allows attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow. More information is available in the Gentoo bug: http://bugs.gentoo.org/show_bug.cgi?id=91398
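The arithmetic pattern behind the description above, as an added example that is not code from gdb, BFD, or the patch discussed in this bug: a hypothetical section-header record and a constructed file format (4-byte little-endian header count followed by the records) are assumptions of this example, which shows the unchecked size computation that wraps beside the checked one that rejects such counts.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical fixed-size section header record (an assumption for this
   example; it is not BFD's real layout). */
typedef struct { uint32_t name; uint32_t offset; uint32_t size; } section_hdr_t;

/* Unchecked size computation in 32-bit arithmetic, the pattern behind this
   class of bug: a file-controlled count multiplied by the record size wraps,
   so the allocation is far smaller than the copy that follows it. */
uint32_t unchecked_table_bytes(uint32_t shnum) {
    return shnum * (uint32_t)sizeof(section_hdr_t);
}

/* Hardened computation: refuse counts whose byte size would wrap, and also
   counts that exceed what the file could physically contain. */
int checked_table_bytes(uint32_t shnum, size_t file_len, uint32_t *out) {
    if (shnum > UINT32_MAX / (uint32_t)sizeof(section_hdr_t)) return 0; /* would wrap */
    uint32_t bytes = shnum * (uint32_t)sizeof(section_hdr_t);
    if (bytes > file_len) return 0; /* more headers than bytes left in the file */
    *out = bytes;
    return 1;
}

/* Minimal loader for the constructed format. Returns the number of headers
   copied into *out (caller frees), or -1 if the file is rejected. */
long load_section_table(const uint8_t *file, size_t len, section_hdr_t **out) {
    if (len < 4) return -1;
    uint32_t shnum = (uint32_t)file[0] | (uint32_t)file[1] << 8 |
                     (uint32_t)file[2] << 16 | (uint32_t)file[3] << 24;
    uint32_t bytes;
    if (!checked_table_bytes(shnum, len - 4, &bytes)) return -1;
    section_hdr_t *table = malloc(bytes ? bytes : 1);
    if (!table) return -1;
    memcpy(table, file + 4, bytes); /* safe: bytes <= len - 4 by the check above */
    *out = table;
    return (long)shnum;
}
```

With a count of 0x15555556 the unchecked product is 0x100000008, which truncates to 8 bytes; the checked version rejects that count before any allocation happens.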
This issue should also affect RHEL2.1 and RHEL3
ping on this issue
I have pieced together the correct fix for bfd and have modified the gdb patch discussed on the FSF list to add a query that allows the user to continue and defaults to no if the .gdbinit file is untrusted. I am currently building and testing the patch.
Created attachment 115313: Demo exploit taken from the Gentoo BTS
There are already separate bzs for binutils, so this one should be assigned to GDB crowd...
Moving to modified as rpm has been built for RHEL-4: gdb-6.3.0.0-0.31.5
Jeff, additionally, how do these packages fall regarding the quarterly updates? Are they included in the current QU packages, or shall we wait until after U2/U6 to release these?
This patch is considered between the last QU update and the upcoming one. It is a security patch that falls outside the normal QU timeframe. It also allows those who do not intend to update to the next gdb QU level to get the patch on its own.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-709.html