ID CVE-2008-4865
Summary Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command option. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
References
Vulnerable Configurations
  • cpe:2.3:a:valgrind:valgrind:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:2.4.1:*:powerpc:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:3.3.1:rc1:*:*:*:*:*:*
  • cpe:2.3:a:valgrind:valgrind:*:rc1:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 30-03-2009 - 04:00)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 530165
title valgrind does not understand 'address-size-override loopne'
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment valgrind is earlier than 1:3.5.0-1.el5
        oval oval:com.redhat.rhea:tst:20100272002
      • comment valgrind is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20100272003
    • AND
      • comment valgrind-devel is earlier than 1:3.5.0-1.el5
        oval oval:com.redhat.rhea:tst:20100272004
      • comment valgrind-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhea:tst:20100272005
rhsa
released 2010-03-29
severity None
title RHEA-2010:0272: valgrind bug fix and enhancement update (None)
rpms
  • valgrind-1:3.5.0-1.el5
  • valgrind-devel-1:3.5.0-1.el5
refmap via4
gentoo GLSA-200902-03
mlist
  • [oss-security] 20081027 Re: CVE request: lynx (old) .mailcap handling flaw
  • [oss-security] 20081028 Re: CVE request: lynx (old) .mailcap handling flaw
  • [oss-security] 20081029 Re: CVE request: lynx (old) .mailcap handling flaw
  • [valgrind-announce] 20090103 Valgrind-3.4.0 is available
secunia 33568
suse SUSE-SR:2009:002
statements via4
contributor Tomas Hoger
lastmodified 2009-02-05
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-4865 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 30-03-2009 - 04:00
Published 01-11-2008 - 00:00