CVE-2008-4394

EUVD-2008-4375
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Affected Products (NVD)
VendorProductVersion
gentooportage
𝑥
≤ 2.1.4.4
gentooportage
2.0.51.22:r3
gentooportage
2.1.1:r2
gentooportage
2.1.3.10
gentooportage
2.1.3.11
𝑥
= Vulnerable software versions
References
http://secunia.com/advisories/32228
http://security.gentoo.org/glsa/glsa-200810-02.xml
http://www.securityfocus.com/bid/31670
https://exchange.xforce.ibmcloud.com/vulnerabilities/45792
http://secunia.com/advisories/32228
http://security.gentoo.org/glsa/glsa-200810-02.xml
http://www.securityfocus.com/bid/31670
https://exchange.xforce.ibmcloud.com/vulnerabilities/45792