Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-4394

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

  • Published: Oct 10, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-4394
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Software From Fixed in
gentoo / portage 2.1.3.10 2.1.3.10.x
gentoo / portage 2.0.51.22-r3 2.0.51.22-r3.x
gentoo / portage - 2.1.4.4.x
gentoo / portage 2.1.3.11 2.1.3.11.x
gentoo / portage 2.1.1-r2 2.1.1-r2.x