Bug#: 245317
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Stefan Behte <craig@gentoo.org>
Attachment: valgrind-svn-CVE-2008-4865.patch
  Description: Patch for valgrind SVN HEAD
  Type: patch
  Creator: Maurice van der Pot
  Created: 2008-11-03 19:38 0000
  Size: 1.96 KB

Description:   Opened: 2008-11-02 20:03 0000
CVE-2008-4865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4865):
  Untrusted search path vulnerability in valgrind allows local users to
  execute arbitrary programs via a Trojan horse .valgrindrc file in the
  current working directory, as demonstrated using a malicious
  --db-command options.  NOTE: the severity of this issue has been
  disputed, but CVE is including this issue because execution of a
  program from an untrusted directory is a common scenario.

------- Comment #1 From Maurice van der Pot 2008-11-03 19:38:20 0000 -------
Created an attachment (id=170644)
Patch for valgrind SVN HEAD

This is the same solution as given by solar for gdb in bug #88398.

It applies to valgrind SVN HEAD, but not to valgrind 3.3.1. Valgrind 3.3.1 has
a problem with vg_stat that has been solved in SVN and I'm not sure this patch
is going to do much good on 3.3.1.

Has valgrind upstream been notified of this issue? I didn't find anything on
the mailing lists or in the bug tracker.

------- Comment #2 From Maurice van der Pot 2008-12-13 10:16:33 0000 -------
Anyone?

------- Comment #3 From Matti Bickel 2008-12-13 13:25:21 0000 -------
We're waiting on upstream. Change the whiteboard to reflect this.

------- Comment #4 From Maurice van der Pot 2008-12-13 13:51:52 0000 -------
Upstream bug report:
https://bugs.kde.org/show_bug.cgi?id=177682

------- Comment #5 From Nuno Lopes 2009-01-04 18:38:21 0000 -------
valgrind 3.4 was released yesterday and it fixes this problem.

------- Comment #6 From Robert Buchholz 2009-01-05 02:09:41 0000 -------
$ svn log -c 8798 svn://svn.valgrind.org/valgrind/trunk
------------------------------------------------------------------------
r8798 | dirk | 2008-11-22 13:03:19 +0100 (Sat, 22 Nov 2008) | 3 lines

ignore .valgrindrc files that are world writeable
or not owned by the current user (CVE-2008-4865)

------------------------------------------------------------------------
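
Added example, not part of this bug thread and not valgrind's code: one way to implement the check the r8798 log message describes, refusing a .valgrindrc that is world-writable or not owned by the current user. The function and enum names are hypothetical; the regular-file test and doing the check with fstat() on the already-open descriptor (so the file that is checked is the file that is read) are assumptions added here.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical verdicts for a per-directory rc file. */
enum rc_verdict { RC_OK, RC_UNREADABLE, RC_NOT_REGULAR,
                  RC_WRONG_OWNER, RC_WORLD_WRITABLE };

/* Pure policy check on file metadata: owner must be `me`,
 * and "other" must not have write permission. */
enum rc_verdict rc_check_stat(const struct stat *st, uid_t me)
{
    if (!S_ISREG(st->st_mode)) return RC_NOT_REGULAR;   /* assumption */
    if (st->st_uid != me)      return RC_WRONG_OWNER;
    if (st->st_mode & S_IWOTH) return RC_WORLD_WRITABLE;
    return RC_OK;
}

/* Open `path` and return the descriptor only if it passes the policy.
 * Checking the open descriptor avoids a stat()-then-open() race in a
 * directory that another user can write to. */
int rc_open_trusted(const char *path, enum rc_verdict *why)
{
    struct stat st;
    /* O_NONBLOCK: do not hang if someone planted a FIFO at this name. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) { *why = RC_UNREADABLE; return -1; }
    if (fstat(fd, &st) != 0) { close(fd); *why = RC_UNREADABLE; return -1; }
    *why = rc_check_stat(&st, geteuid());
    if (*why != RC_OK) { close(fd); return -1; }
    return fd;   /* caller parses options from this descriptor */
}

int main(void)
{
    static const char *msg[] = { "trusted", "missing or unreadable",
        "not a regular file", "not owned by current user", "world-writable" };
    enum rc_verdict why;
    int fd = rc_open_trusted("./.valgrindrc", &why);
    printf("./.valgrindrc: %s\n", msg[why]);
    if (fd < 0) return EXIT_FAILURE;   /* ignore the file's options */
    close(fd);
    return EXIT_SUCCESS;
}
```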

------- Comment #7 From Robert Buchholz 2009-01-09 19:23:50 0000 -------
Arches, please test and mark stable:
=dev-util/valgrind-3.4.0
Target keywords : "amd64 ppc ppc64 x86"

------- Comment #8 From Markus Meier 2009-01-10 09:22:36 0000 -------
there's a minor issue with this ebuild, apart from that it looks good on
amd64/x86:
configure: WARNING: unrecognized options: --with-x

------- Comment #9 From Maurice van der Pot 2009-01-10 16:41:35 0000 -------
It's a harmless warning. The previously optional suppression files for X are
now always included, so the X use flag will be removed as was the --with-x
option to configure.

I'll fix that in a next version to not interfere with testing for
stabilization.

------- Comment #10 From Markus Meier 2009-01-10 16:44:50 0000 -------
amd64/x86 stable

------- Comment #11 From Brent Baude 2009-01-12 15:50:33 0000 -------
ppc64 done

------- Comment #12 From Tobias Scherbaum 2009-01-13 17:23:59 0000 -------
ppc stable, ready for glsa-voting

------- Comment #13 From Robert Buchholz 2009-01-13 17:33:12 0000 -------
Why is this B4? It should be B1.

------- Comment #14 From Robert Buchholz 2009-02-12 21:12:32 0000 -------
GLSA 200902-03
