CVE-2008-4394

high

Description

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) sys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45792

http://www.securityfocus.com/bid/31670

http://security.gentoo.org/glsa/glsa-200810-02.xml

http://secunia.com/advisories/32228

Details

Source: Mitre, NVD

Published: 2008-10-10

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High