All times are UTC




 Post subject: [CVE-2008-4865] Valgrind 3.x < 3.4.0, untrusted search path
Posted: Thu Feb 12, 2009 11:57 pm
I learned this through GLSA-200902-03

GLSA-200902-03 wrote:
Description

Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there.

Impact

A local attacker could prepare a specially crafted .valgrindrc file and entice a user to run Valgrind from the directory containing that file, resulting in the execution of arbitrary code with the privileges of the user running Valgrind.


CVE-2008-4865 wrote:
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.


We currently have version 3.3.1 in SNAPSHOT. Valgrind 3.4.0 was released in January:
http://sourceforge.net/mailarchive/mess ... %40acm.org

The risk factor of this issue has been rated as "HIGH" by NVD:
http://web.nvd.nist.gov/view/vuln/detai ... -2008-4865

References:
http://www.gentoo.org/security/en/glsa/ ... 902-03.xml
http://cve.mitre.org/cgi-bin/cvename.cg ... -2008-4865
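
Added example, not part of the original post or of Valgrind: a shell function that audits a directory for the condition the two advisories describe, a `.valgrindrc` in the working directory that someone else could have planted. The name `audit_valgrindrc` is hypothetical, and the ownership and write-permission checks are a policy chosen for this example.

```shell
#!/bin/sh
# Added example: audit a directory for a risky .valgrindrc before running
# valgrind there. audit_valgrindrc is a hypothetical helper, not a Valgrind tool.
# Returns 0 = nothing flagged, 1 = at least one finding, 2 = bad argument.
audit_valgrindrc() {
    dir=${1:-.}
    rc="$dir/.valgrindrc"
    flagged=0

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # No file (or a dangling symlink) means there is nothing to load.
    [ -e "$rc" ] || return 0

    # A symlink may point at a file that another user controls.
    if [ -L "$rc" ]; then
        echo "WARN: $rc is a symlink" >&2
        flagged=1
    fi
    # Assumed policy: the file must belong to the user who will run valgrind.
    # -L checks the link target; -prune avoids descending if it is a directory.
    if [ -n "$(find -L "$rc" -prune ! -user "$(id -u)" 2>/dev/null)" ]; then
        echo "WARN: $rc is not owned by the current user" >&2
        flagged=1
    fi
    # Assumed policy: nobody else may be able to rewrite the file.
    if [ -n "$(find -L "$rc" -prune \( -perm -0020 -o -perm -0002 \) 2>/dev/null)" ]; then
        echo "WARN: $rc is group- or world-writable" >&2
        flagged=1
    fi
    # --db-command is the option named in the CVE description; it names a
    # program to run, so any occurrence deserves a manual look.
    if [ -f "$rc" ] && grep -n -e '--db-command' -- "$rc" >&2; then
        echo "WARN: $rc sets --db-command (lines shown above)" >&2
        flagged=1
    fi
    return "$flagged"
}
```

Call `audit_valgrindrc "$PWD"` before starting valgrind in a directory you did not create, and treat a non-zero status as a reason to read the file first.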


