CVE-2008-4865 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4865): Untrusted search path vulnerability in valgrind allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command option. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.
Created attachment 170644 [details, diff] Patch for valgrind SVN HEAD This is the same solution as given by solar for gdb in bug #88398. It applies to valgrind SVN HEAD, but not to valgrind 3.3.1. Valgrind 3.3.1 has a problem with vg_stat that has been solved in SVN and I'm not sure this patch is going to do much good on 3.3.1. Has valgrind upstream been notified of this issue? I didn't find anything on the mailing lists or in the bug tracker.
Anyone?
We're waiting on upstream. Changed the whiteboard to reflect this.
Upstream bug report: https://bugs.kde.org/show_bug.cgi?id=177682
valgrind 3.4 was released yesterday and it fixes this problem.
$ svn log -c 8798 svn://svn.valgrind.org/valgrind/trunk
------------------------------------------------------------------------
r8798 | dirk | 2008-11-22 13:03:19 +0100 (Sat, 22 Nov 2008) | 3 lines

ignore .valgrindrc files that are world writeable or not owned by the current user (CVE-2008-4865)
------------------------------------------------------------------------
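The rule in the r8798 log message (skip a .valgrindrc that is world-writable or not owned by the current user) as a stand-alone check; this is an added illustration written for this thread, not valgrind's own code, and the /tmp paths and sample file contents are constructed for the demonstration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if `path` is acceptable as an rc file: it exists, is a regular
 * file, is owned by the real uid of the caller, and is not world-writable.
 * Any stat failure is treated as "not trusted" so the file is simply skipped.
 * Illustrative reimplementation of the r8798 rule, not valgrind's code. */
int rc_file_is_trusted(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return 0;                 /* missing or inaccessible: ignore it */
    if (!S_ISREG(st.st_mode))
        return 0;                 /* directories, devices, etc. */
    if (st.st_uid != getuid())
        return 0;                 /* planted by a different account */
    if (st.st_mode & S_IWOTH)
        return 0;                 /* any local user could have edited it */
    return 1;
}

/* Helper for the demo: create a sample rc file and force its mode regardless
 * of umask so both branches of the check can be exercised. Returns 0 on success. */
int make_sample_rc(const char *path, mode_t mode)
{
    static const char body[] = "-v\n";   /* constructed, harmless content */
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, mode);
    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) != 0 || write(fd, body, strlen(body)) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    return 0;
}

int main(void)
{
    const char *ok = "/tmp/sample-valgrindrc-ok";           /* constructed */
    const char *ww = "/tmp/sample-valgrindrc-worldwritable"; /* constructed */
    make_sample_rc(ok, 0644);
    make_sample_rc(ww, 0666);
    printf("%s: trusted=%d\n", ok, rc_file_is_trusted(ok));  /* 1 */
    printf("%s: trusted=%d\n", ww, rc_file_is_trusted(ww));  /* 0 */
    unlink(ok);
    unlink(ww);
    return 0;
}
```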
Arches, please test and mark stable: =dev-util/valgrind-3.4.0 Target keywords : "amd64 ppc ppc64 x86"
There's a minor issue with this ebuild; apart from that it looks good on amd64/x86: configure: WARNING: unrecognized options: --with-x
It's a harmless warning. The previously optional suppression files for X are now always included, so the X use flag will be removed, as was the --with-x option to configure. I'll fix that in the next version so as not to interfere with testing for stabilization.
amd64/x86 stable
ppc64 done
ppc stable, ready for glsa-voting
Why is this B4? It should be B1.
GLSA 200902-03