Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2008-4394
Last Modified 23 Jul 2009 12:00:00
Published 10 Oct 2008 06:30:05
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2008-4394

Summary

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

Vulnerable Systems

Application

  • Gentoo Portage 2.0.51.22

  • Gentoo Portage 2.1.1

  • Gentoo Portage 2.1.3.10

  • Gentoo Portage 2.1.3.11

  • Gentoo Portage 2.1.4.4


References

XF - portage-search-path-priv-escalation(45792)

BID - 31670

GENTOO - GLSA-200810-02

SECUNIA - 32228


Last Updated: 27 May 2016 10:48:28