CVE-2008-4394

Description

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

Affected products

• gentoo / portage2.1.4.4
• gentoo / portage2.0.51.22 – 2.0.51.22
• gentoo / portage2.1.1 – 2.1.1
• gentoo / portage2.1.3.10 – 2.1.3.10
• gentoo / portage2.1.3.11 – 2.1.3.11

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/32228
• MISChttp://security.gentoo.org/glsa/glsa-200810-02.xml
• MISChttp://www.securityfocus.com/bid/31670
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/45792