CVE Vulnerabilities

CVE-2008-4394

Published: Oct 10, 2008 | Modified: Aug 08, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

Affected Software

Name Vendor Start Version End Version
Portage Gentoo 2.0.51.22 2.0.51.22
Portage Gentoo 2.1.1 2.1.1
Portage Gentoo 2.1.3.10 2.1.3.10
Portage Gentoo 2.1.3.11 2.1.3.11
Portage Gentoo * 2.1.4.4

References