CVE-2008-4394

3 documents3 sources
Severity
6.9MEDIUM
EPSS
0.1%
top 82.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gentoo Portage
Timeline
PublishedOct 10
Latest updateMay 2

Description

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

NVDgentoo/portage2.1.4.4+4

🔴Vulnerability Details

2
GHSA
GHSA-wg82-w6jx-9hqg: Multiple untrusted search path vulnerabilities in Portage before 22022-05-02
CVEList
CVE-2008-4394: Multiple untrusted search path vulnerabilities in Portage before 22008-10-10
CVE-2008-4394 (MEDIUM CVSS 6.9) | Multiple untrusted search path vuln | cvebase.io