Rapid7 Vulnerability & Exploit Database

RHSA-2005:416: kdbg security update

Back to Search

RHSA-2005:416: kdbg security update

Severity
5
CVSS
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published
09/07/2003
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

An updated kdbg package that fixes a minor security issue is now available for Red Hat Enterprise Linux 2.1. This update has been rated as having low security impact by the Red Hat Security Response Team.

Kdbg is a K Desktop Environment (KDE) GUI for gdb, the GNU debugger. Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file. If a program is located in a world-writable location, it is possible for a local user to inject malicious commands. These commands are then executed with the permission of any user that runs Kdbg. The Common Vulnerabilities and Exposures project assigned the name CAN-2003-0644 to this issue. Users of Kdbg should upgrade to this updated package, which contains a backported patch to correct this issue.

Solution(s)

  • redhat-upgrade-kdbg

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;