MEDIUM🇵🇱 Wersja polska

CVE-2008-4394

CVSS 6.9v2.0pub. 2008-10-10upd. 2026-04-23

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

CVSS Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
  • Gentoo Portage

    APP
    Gentoo
    2.0.51.222.1.12.1.3.102.1.3.11≤ 2.1.4.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2016-20021CRITICAL9.8PL ✓ten sam produkt

Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync

CVE-2004-2778HIGH7.1ten sam produkt

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...

CVE-2013-2100HIGH9.3ten sam produkt

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not veri...

CVE-2019-20384MEDIUM5.5ten sam produkt

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugi...

CVE-2004-1901MEDIUM5.5ten sam produkt

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...