Upstream information
Description
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| CVSS detail | National Vulnerability Database |
|---|---|
| Base Score | 7.2 |
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| Access Vector | Local |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Complete |
| Integrity Impact | Complete |
| Availability Impact | Complete |
SUSE Security Advisories:
- SUSE-SR:2009:002, published Mon, 19 Jan 2009 14:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 |
| Patchnames: SUSE Linux Enterprise Software Development Kit 11 SP4 GA valgrind-3.8.1-0.5.1 |
| SUSE Linux Enterprise Server 16.0 |
| Patchnames: SUSE Linux Enterprise Server 16.0 GA valgrind-3.24.0-160000.2.2 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11492 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 06:34:27 2013CVE page last modified: Sun Nov 2 12:20:24 2025