CVE编号
CVE-2006-4146利用情况
暂无补丁情况
N/A披露时间
2006-09-01漏洞描述
<div><div><div><dl><dd>GNU Debugger (GDB) 6.5中的(1)DWARF (dwarfread.c)和(2)DWARF2 (dwarf2read.c)调试代码中的缓冲区溢出允许用户帮助的攻击者或受限用户通过一个精心制作的文件执行任意代码,该文件带有一个包含大量操作的location块(DW_FORM_block)。</dd></dl></div></div></div><div id="trans_con"><div id="trans_box"><div><i></i></div></div></div>解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc | |
| http://docs.info.apple.com/article.html?artnum=304669 | |
| http://lists.apple.com/archives/security-announce/2006/Oct/msg00000.html | |
| http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html | |
| http://secunia.com/advisories/21713 | |
| http://secunia.com/advisories/22205 | |
| http://secunia.com/advisories/22662 | |
| http://secunia.com/advisories/25098 | |
| http://secunia.com/advisories/25632 | |
| http://secunia.com/advisories/25894 | |
| http://secunia.com/advisories/25934 | |
| http://secunia.com/advisories/26909 | |
| http://secunia.com/advisories/27706 | |
| http://security.gentoo.org/glsa/glsa-200711-23.xml | |
| http://securitytracker.com/id?1017138 | |
| http://support.avaya.com/elmodocs2/security/ASA-2007-253.htm | |
| http://www.osvdb.org/28318 | |
| http://www.redhat.com/support/errata/RHSA-2007-0229.html | |
| http://www.redhat.com/support/errata/RHSA-2007-0469.html | |
| http://www.securityfocus.com/bid/19802 | |
| http://www.ubuntu.com/usn/usn-356-1 | |
| http://www.vupen.com/english/advisories/2006/3433 | |
| http://www.vupen.com/english/advisories/2006/4283 | |
| http://www.vupen.com/english/advisories/2007/3229 | |
| https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204841 | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | gnu | gdb | 6.5 | - | |||||
- 攻击路径 网络
- 攻击复杂度 高
- 权限要求 无
- 影响范围 N/A
- 用户交互 需要
- 可用性 部分地
- 保密性 部分地
- 完整性 部分地
还没有评论,来说两句吧...