GLSA-200810-02 : Portage: Untrusted search path local root vulnerability

This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200810-02
(Portage: Untrusted search path local root vulnerability)

The Gentoo Security Team discovered that several ebuilds, such as
sys-apps/portage, net-mail/fetchmail or app-editors/leo, execute Python
code using 'python -c', which includes the current working directory in
Python's module search path. For several ebuild functions, Portage did
not change the working directory from emerge's working directory, so
modules were looked up in whatever directory emerge was started from.

Impact :

A local attacker could place a specially crafted Python module in a
directory (such as /tmp) and entice the root user to run commands such
as 'emerge sys-apps/portage' from that directory, resulting in the
execution of arbitrary Python code with root privileges.

Workaround :

Do not run 'emerge' from untrusted working directories.
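
The search-path behaviour described above, and a pre-flight check for the workaround, as an added example (not code from the advisory, Portage or Nessus). It assumes Python 3.7 or later; the function names and the trusted_uids parameter are hypothetical.

```python
import os
import stat
import subprocess
import sys


def path0_for_dash_c(isolated=False):
    """Return sys.path[0] as seen by a child 'python -c' process."""
    # Drop PYTHONSAFEPATH so the default behaviour is what gets measured.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONSAFEPATH"}
    flags = ["-I"] if isolated else []  # -I: isolated mode, cwd not added
    cmd = [sys.executable] + flags + ["-c", "import sys; print(sys.path[0])"]
    out = subprocess.run(cmd, capture_output=True, text=True, env=env, check=True)
    return out.stdout.rstrip("\r\n")


def cwd_trust_problems(path=".", trusted_uids=(0,)):
    """List reasons why 'path' is unsafe as the working directory for a
    privileged 'python -c' (or emerge) run; an empty list means no finding.
    trusted_uids is an assumption of this example (default: root only)."""
    problems = []
    st = os.stat(path)
    if st.st_uid not in trusted_uids:
        problems.append("owned by uid %d" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("group- or world-writable")
    # Anything importable here is found before the real module of that name.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        is_pkg = os.path.isdir(full) and os.path.exists(
            os.path.join(full, "__init__.py"))
        if name.endswith((".py", ".pyc", ".so")) or is_pkg:
            problems.append("importable from cwd: " + name)
    return problems


if __name__ == "__main__":
    # An empty string as sys.path[0] means "the current working directory".
    print("sys.path[0] under 'python -c':", repr(path0_for_dash_c()))
    print("sys.path[0] under 'python -I -c':", repr(path0_for_dash_c(True)))
    for problem in cwd_trust_problems():
        print("untrusted cwd:", problem)
```

Run from /tmp, the check reports the directory as world-writable; run from /root on a typical system, it reports nothing unless importable files are present there.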

Solution :

All Portage users should upgrade to the latest version:
# cd /root
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-apps/portage-'
NOTE: To upgrade to Portage using or prior, you must
run emerge from a trusted working directory, such as '/root'.

Risk factor :

Medium / CVSS Base Score : 6.9

Family: Gentoo Local Security Checks

Nessus Plugin ID: 34383 (gentoo_GLSA-200810-02.nasl)

Bugtraq ID:

CVE ID: CVE-2008-4394
