Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

Gentoo: GLSA-202310-04 Critical: CustomScript Path Vulnerability

gentoo
Calendar Grey February 12, 2009
Dist Gentoo Esm H88
The vulnerability in Valgrind's search path poses a risk of executing unauthorized code on Gentoo platforms. Urgent mitigation is advised!
An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code.

Summary

Gentoo Linux Security Advisory GLSA 200902-03 https://security.gentoo.org/ Severity: High Title: Valgrind: Untrusted search path Date: February 12, 2009 Bugs: #245317 ID: 200902-03

Synopsis ======= An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code.
Background ========= Valgrind is an open-source memory debugger.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 dev-util/valgrind < 3.4.0 >= 3.4.0
========== Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there.
Impact ===== A local attacker could prepare a specially crafted .valgrind...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory high severity gentoo local attack arbitrary code untrusted path valgrind

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory high severity gentoo local attack arbitrary code untrusted path valgrind

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here