CVE-2008-4394

2008-10-1010:30:05

[email protected]

web.nvd.nist.gov

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

Affected configurations

Nvd

Node

gentooportageRange≤2.1.4.4

gentooportageMatch2.0.51.22r3

gentooportageMatch2.1.1r2

gentooportageMatch2.1.3.10

gentooportageMatch2.1.3.11

VendorProductVersionCPE
gentooportage*cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*
gentooportage2.0.51.22cpe:2.3:a:gentoo:portage:2.0.51.22:r3:*:*:*:*:*:*
gentooportage2.1.1cpe:2.3:a:gentoo:portage:2.1.1:r2:*:*:*:*:*:*
gentooportage2.1.3.10cpe:2.3:a:gentoo:portage:2.1.3.10:*:*:*:*:*:*:*
gentooportage2.1.3.11cpe:2.3:a:gentoo:portage:2.1.3.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	portage	*	cpe:2.3:a:gentoo:portage::::::::
gentoo	portage	2.0.51.22	cpe:2.3:a:gentoo:portage:2.0.51.22:r3::::::
gentoo	portage	2.1.1	cpe:2.3:a:gentoo:portage:2.1.1:r2::::::
gentoo	portage	2.1.3.10	cpe:2.3:a:gentoo:portage:2.1.3.10:::::::*
gentoo	portage	2.1.3.11	cpe:2.3:a:gentoo:portage:2.1.3.11:::::::*