CVE-2008-4865
Published Nov 1, 2008
Last updated 16 years ago
Overview
- Description
- Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Vendor comments
- Red HatRed Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-4865 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:valgrind:valgrind:*:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF1EAC64-F4BD-4D47-8911-95BD992E7D42",
"versionEndIncluding": "3.4.0"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:1.9.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94A64050-1C4E-4F15-B67B-56FDFCE08577"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "64F0D4F4-98F5-4425-8E2C-601B40ED59A0"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2EDB92F1-6418-4278-9885-D20BBCA44137"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7D6BBF5-F4A1-410D-95EB-36893BDB01F4"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "730EF394-7A00-417F-8BD2-6EADE589488B"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7224BE5F-07B6-4E03-9B45-DA014B74BBAD"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:2.4.1:*:powerpc:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "561ECD31-3D7B-4D37-B27A-42B568493A8D"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93AC14DE-CBA0-4F89-A22D-2B919937AC54"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7992D2F0-419E-4E53-B51F-48619908205E"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C21779DD-28AD-4663-9A0B-EBF2C62C5B73"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1964E2AE-CF86-45B5-9A92-65DB4FF8A023"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83D89EB5-3D7D-4063-B14B-C205298F0A90"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F9477B98-6BDF-40E8-85F7-BB21901637C5"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A986472F-6273-4D79-8186-42B21CC5D811"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A276C7C-BF1B-400F-A4F4-574E4D96389C"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A4D28840-D164-4F8F-B65E-A29BCF9CBD90"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.0:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "638B1E2A-0F2C-4A70-A104-8240DDB26AF4"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.0:rc2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AC7DA8BD-2DE1-4959-91DE-F320B7C3E1B0"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.0:rc3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6702F6DC-0792-41D0-B143-74312F0B8A44"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE87E144-CEB2-41BF-9F7D-A57A5D3EC343"
},
{
"criteria": "cpe:2.3:a:valgrind:valgrind:3.3.1:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1630AF79-2303-45C6-8D47-6CC297ADABB8"
}
],
"operator": "OR"
}
]
}
]