← voltar
CVE-2008-4865

CVE-2008-4865

EPSS 0.4%
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlhttp://secunia.com/advisories/33568http://security.gentoo.org/glsa/glsa-200902-03.xmlhttp://sourceforge.net/mailarchive/forum.php?thread_name=200901032045.17604.jseward%40acm.org&forum_name=valgrind-announcehttp://www.openwall.com/lists/oss-security/2008/10/27/4http://www.openwall.com/lists/oss-security/2008/10/28/5http://www.openwall.com/lists/oss-security/2008/10/29/5http://www.openwall.com/lists/oss-security/2008/10/29/9