| Revision Date: | 2022-06-30 | Version: | 1 |
| Title: | CVE-2008-4865 |
| Description: |
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
|
| Family: | unix | Class: | vulnerability |
| Status: | | Reference(s): | CVE-2008-4865
Mitre CVE-2008-4865
SUSE CVE-2008-4865
SUSE-SR:2009:002
SUSE-SR:2009:002
|
| Platform(s): | Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
openSUSE 10.3
openSUSE 11.0
openSUSE Tumbleweed
SLES SDK 9 for x86
SLES SDK 9 for X86-64
SUSE Linux Enterprise SDK 10 SP2
SUSE Linux Enterprise Software Development Kit 11 SP4
| Product(s): | |
| Definition Synopsis |
| sles10-sp2-sdk is installed AND valgrind less than 3.3.0-15.5
|
| Definition Synopsis |
| SUSE Linux Enterprise Software Development Kit 11 SP4 is installed
AND Package Information
valgrind-3.8.1-0.5 is installed
OR valgrind-devel-3.8.1-0.5 is installed
|
| Definition Synopsis |
| openSUSE Tumbleweed is installed
AND Package Information
valgrind-3.17.0-2.3 is installed
OR valgrind-32bit-3.17.0-2.3 is installed
OR valgrind-devel-3.17.0-2.3 is installed
|