CVE-2008-4865

Publication date 1 November 2008

Last updated 24 July 2024


Ubuntu priority

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Status

Package Ubuntu Release Status
valgrind 11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid Ignored end of life, was needed
8.04 LTS hardy Ignored end of life
7.10 gutsy Ignored end of life, was needed
6.06 LTS dapper Ignored end of life