Vulnerability Details : CVE-2005-1705
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
Exploit prediction scoring system (EPSS) score for CVE-2005-1705
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2005-1705
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
Vendor statements for CVE-2005-1705
-
Red Hat 2007-03-14Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
-
http://www.mandriva.com/security/advisories?name=MDKSA-2005:095
Patch;Vendor Advisory
- http://secunia.com/advisories/18506
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11072
-
http://www.redhat.com/support/errata/RHSA-2005-709.html
Patch;Vendor Advisory
-
http://bugs.gentoo.org/show_bug.cgi?id=88398
-
http://www.redhat.com/support/errata/RHSA-2005-801.html
Patch;Vendor Advisory
-
http://security.gentoo.org/glsa/glsa-200505-15.xml
Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm
- cpe:2.3:a:gnu:gdb:*:r2:*:*:*:*:*:*