GLSA-200810-02 : Portage: Untrusted search path local root vulnerability

This script is Copyright (C) 2008-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200810-02
(Portage: Untrusted search path local root vulnerability)

The Gentoo Security Team discovered that several ebuilds, such as
sys-apps/portage, net-mail/fetchmail or app-editors/leo, execute Python
code using 'python -c', which includes the current working directory in
Python's module search path. For several ebuild functions, Portage did
not change the working directory from emerge's working directory, so
that code ran in whatever directory emerge was started from.

Impact :

A local attacker could place a specially crafted Python module in a
directory (such as /tmp) and entice the root user to run commands such
as 'emerge sys-apps/portage' from that directory, resulting in the
execution of arbitrary Python code with root privileges.

Workaround :

Do not run 'emerge' from untrusted working directories.
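
An added example, not part of the advisory or of Portage: a Python check that shows the search-path behaviour described above on the current interpreter and audits a directory before a privileged 'emerge' run from it. The function names and the trusted_uids parameter are assumptions made for this example; '-I' is Python 3's isolated-mode flag.

```python
import os
import stat
import subprocess
import sys

# File suffixes the interpreter imports from a sys.path directory.
MODULE_SUFFIXES = (".py", ".pyc", ".so")


def dash_c_first_path_entry(*flags):
    """Return sys.path[0] of a child interpreter started with 'python -c'."""
    # PYTHONSAFEPATH (3.11+) would hide the default behaviour, so drop it.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONSAFEPATH"}
    cmd = [sys.executable, *flags, "-c", "import sys; print(sys.path[0])"]
    return subprocess.check_output(cmd, env=env, text=True).rstrip("\n")


def audit_working_directory(path=".", trusted_uids=(0,)):
    """List reasons `path` is unsafe as cwd for a privileged 'python -c'."""
    findings = []
    st = os.stat(path)
    if st.st_uid not in trusted_uids:
        findings.append("directory owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("directory writable by group or other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    # Anything importable that a non-trusted account owns could shadow a
    # module that the privileged process imports by name.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        is_pkg = os.path.isfile(os.path.join(full, "__init__.py"))
        if not (name.endswith(MODULE_SUFFIXES) or is_pkg):
            continue
        owner = os.lstat(full).st_uid
        if owner not in trusted_uids:
            findings.append("importable entry %s owned by uid %d" % (name, owner))
    return findings


if __name__ == "__main__":
    # An empty string means "current working directory" in sys.path.
    print("sys.path[0] with -c:    %r" % dash_c_first_path_entry())
    print("sys.path[0] with -I -c: %r" % dash_c_first_path_entry("-I"))
    problems = audit_working_directory(os.getcwd())
    for problem in problems:
        print("UNTRUSTED: " + problem)
    sys.exit(1 if problems else 0)
```

A non-zero exit status means the current directory should not be used for the upgrade; change to a root-owned directory such as '/root' first.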

See also :

http://www.gentoo.org/security/en/glsa/glsa-200810-02.xml

Solution :

All Portage users should upgrade to the latest version:
# cd /root
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/portage-2.1.4.5'
NOTE: To upgrade to Portage 2.1.4.5 using 2.1.4.4 or prior, you must
run emerge from a trusted working directory, such as '/root'.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 34383 (gentoo_GLSA-200810-02.nasl)

Bugtraq ID:

CVE ID: CVE-2008-4394