<?xml version="1.0" encoding="utf-8"?>
<glsa id="200902-03">
<title>Valgrind: Untrusted search path</title>
An untrusted search path vulnerability in Valgrind might result in the
execution of arbitrary code.
<product type="ebuild">valgrind</product>
<announced>February 12, 2009</announced>
<revised>February 12, 2009: 01</revised>
<package name="dev-util/valgrind" auto="yes" arch="*">
<unaffected range="ge">3.4.0</unaffected>
<vulnerable range="lt">3.4.0</vulnerable>
Valgrind is an open-source memory debugger.
Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the
current working directory, executing commands specified there.
<impact type="high">
A local attacker could prepare a specially crafted .valgrindrc file and
entice a user to run Valgrind from the directory containing that file,
resulting in the execution of arbitrary code with the privileges of the
user running Valgrind.
Do not run "valgrind" from untrusted working directories.
All Valgrind users should upgrade to the latest version:
<code>
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-util/valgrind-3.4.0&quot;</code>
<uri link="">CVE-2008-4865</uri>
<metadata tag="requester" timestamp="Tue, 13 Jan 2009 17:33:22 +0000">
<metadata tag="submitter" timestamp="Tue, 13 Jan 2009 17:46:15 +0000">
<metadata tag="bugReady" timestamp="Tue, 13 Jan 2009 17:47:39 +0000">