6.9

CVE-2008-4394

EPSS 0.06%
Veröffentlicht 10.10.2008 10:30:05
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gentoo ≫ Portage Version <= 2.1.4.4

Gentoo ≫ Portage Version2.0.51.22 Updater3

Gentoo ≫ Portage Version2.1.1 Updater2

Gentoo ≫ Portage Version2.1.3.10

Gentoo ≫ Portage Version2.1.3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.147

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/32228

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200810-02.xml

http://www.securityfocus.com/bid/31670

https://exchange.xforce.ibmcloud.com/vulnerabilities/45792

https://nvd.nist.gov/vuln/detail/CVE-2008-4394

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-4394

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-4394

EUVD