7.2

CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options.  NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ValgrindValgrind Updaterc1 Version <= 3.4.0
ValgrindValgrind Version1.9.6
ValgrindValgrind Version2.0.0
ValgrindValgrind Version2.1.0
ValgrindValgrind Version2.1.1
ValgrindValgrind Version2.2.0
ValgrindValgrind Version2.4.1
ValgrindValgrind Version2.4.1 Editionpowerpc
ValgrindValgrind Version3.0.0
ValgrindValgrind Version3.0.1
ValgrindValgrind Version3.1.0
ValgrindValgrind Version3.1.1
ValgrindValgrind Version3.2.0
ValgrindValgrind Version3.2.1
ValgrindValgrind Version3.2.2
ValgrindValgrind Version3.2.3
ValgrindValgrind Version3.3.0
ValgrindValgrind Version3.3.0 Updaterc1
ValgrindValgrind Version3.3.0 Updaterc2
ValgrindValgrind Version3.3.0 Updaterc3
ValgrindValgrind Version3.3.1
ValgrindValgrind Version3.3.1 Updaterc1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.344
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://secunia.com/advisories/33568
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200902-03.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=200901032045.17604.jseward%40acm.org&forum_name=valgrind-announce
http://www.openwall.com/lists/oss-security/2008/10/27/4
http://www.openwall.com/lists/oss-security/2008/10/28/5
http://www.openwall.com/lists/oss-security/2008/10/29/5
http://www.openwall.com/lists/oss-security/2008/10/29/9