Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4865

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-4865
Last Modified 30 Mar 2009 12:00:00
Published 31 Oct 2008 08:00:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-4865

Summary

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Vulnerable Systems

Application

  • Valgrind 1.9.6

  • Valgrind 2.0.0

  • Valgrind 2.1.0

  • Valgrind 2.1.1

  • Valgrind 2.2.0

  • Valgrind 2.4.1

  • Valgrind 3.0.0

  • Valgrind 3.0.1

  • Valgrind 3.1.0

  • Valgrind 3.1.1

  • Valgrind 3.2.0

  • Valgrind 3.2.1

  • Valgrind 3.2.2

  • Valgrind 3.2.3

  • Valgrind 3.3.0

  • Valgrind 3.3.1

  • Valgrind 3.4.0


References

MLIST - [oss-security] 20081029 Re: CVE request: lynx (old) .mailcap handling flaw

MLIST - [oss-security] 20081028 Re: CVE request: lynx (old) .mailcap handling flaw

MLIST - [oss-security] 20081027 Re: CVE request: lynx (old) .mailcap handling flaw

MLIST - [valgrind-announce] 20090103 Valgrind-3.4.0 is available

GENTOO - GLSA-200902-03

SECUNIA - 33568

SUSE - SUSE-SR:2009:002

Related Patches

Red Hat 2010:0272-01 RHEA valgrind enhancement update for RHEL 5 x86


Last Updated: 27 May 2016 10:48:39