Back to search
CVE-2008-4865
Published: Oct 31, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[valgrind-announce] 20090103 Valgrind-3.4.0 is available
mailing-list
x_refsource_MLIST
[oss-security] 20081028 Re: CVE request: lynx (old) .mailcap handling flaw
mailing-list
x_refsource_MLIST
[oss-security] 20081027 Re: CVE request: lynx (old) .mailcap handling flaw
mailing-list
x_refsource_MLIST
SUSE-SR:2009:002
vendor-advisory
x_refsource_SUSE
33568
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20081029 Re: CVE request: lynx (old) .mailcap handling flaw
mailing-list
x_refsource_MLIST
[oss-security] 20081029 Re: CVE request: lynx (old) .mailcap handling flaw
mailing-list
x_refsource_MLIST
GLSA-200902-03
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now