Mandriva Linux Security Advisory 2009-057 - Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario. The updated packages have been patched to prevent this.
84053efc1d16fb6b179a05f51bb8abc2f8d65bdafb3b9bdbbdd207d526c49cccGentoo Linux Security Advisory GLSA 200902-03 - An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code. Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there. Versions less than 3.4.0 are affected.
75a6bce8f765b9f7d40c28eb61f9aa4b9f47555fdf157d4e90dc3535d6589745
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed