CVE-2008-4394

Portage <2.1.4.5 - RCE

Title source: llm

Description

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

References (4)

[Vendor Advisory] http://secunia.com/advisories/32228

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45792

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31670

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-200810-02.xml

Scores

EPSS 0.0006

EPSS Percentile 17.6%

Classification

Status draft

Affected Products (5)

gentoo/portage < 2.1.4.4

gentoo/portage

Timeline

Published Oct 10, 2008

Tracked Since Feb 18, 2026