Lucene search

PRIOn knowledge basePRION:CVE-2008-4394

HistoryOct 10, 2008 - 10:30 a.m.

Design/Logic Flaw

2008-10-1010:30:00

PRIOn knowledge base

www.prio-n.com

7.4 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.6%

JSON

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

CPENameOperatorVersion
portageeq2.1.3.10
portageeq2.0.51.22 r3
portagele2.1.4.4
portageeq2.1.3.11
portageeq2.1.1 r2

Name	Operator	Version
portage	eq	2.1.3.10
portage	eq	2.0.51.22 r3
portage	le	2.1.4.4
portage	eq	2.1.3.11
portage	eq	2.1.1 r2

References

secunia.com/advisories/32228

security.gentoo.org/glsa/glsa-200810-02.xml

www.securityfocus.com/bid/31670

exchange.xforce.ibmcloud.com/vulnerabilities/45792

7.4 High

AI Score

Confidence

High

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

27.6%

JSON

Related for PRION:CVE-2008-4394