Pardus: Valgrind: Untrusted Path
Posted by Benjamin D. Thomas   
Untrusted search path vulnerability in valgrind allows local users to execute arbitrary programs via a Trojan horse

------------------------------------------------------------------------
Pardus Linux Security Advisory 2009-03            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2009-01-14
  Severity: 2
      Type: Local
------------------------------------------------------------------------

Summary
=======

Untrusted search path vulnerability in valgrind allows local users to
execute arbitrary programs via a Trojan horse .valgrindrc file.


Description
===========

The Trojan horse is a .valgrindrc file in the current working directory,
as demonstrated using a malicious --db-command option.


Affected packages:

  Pardus 2008:
    valgrind, all before 3.4.0-13-3


Resolution
==========

There are update(s) for valgrind. You can update them via Package
Manager or with a single command from the console:

    pisi up valgrind
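
Until the update is installed, a directory can be audited before valgrind
is run in it. The following is an added example, not part of the Pardus
advisory or of valgrind itself; the function name check_valgrindrc and
the ownership and permission criteria are assumptions chosen for
illustration.

```shell
#!/bin/sh
# Added example: pre-flight audit for a planted .valgrindrc in a directory.
# check_valgrindrc is a hypothetical helper name, not a valgrind tool.

# check_valgrindrc [DIR]
# Prints one WARN line per finding. Returns 0 if DIR/.valgrindrc is absent
# or passes every check, 1 otherwise.
check_valgrindrc() {
    dir=${1:-.}
    rc="$dir/.valgrindrc"
    status=0

    # Nothing there (not even a dangling symlink): nothing to pick up.
    [ -e "$rc" ] || [ -L "$rc" ] || return 0

    # A symlink or special file can point at content the user never wrote.
    if [ -L "$rc" ] || [ ! -f "$rc" ]; then
        echo "WARN: $rc is not a regular file"
        status=1
    fi

    # Owned by someone other than the invoking user.
    if [ -n "$(find "$rc" -prune ! -user "$(id -u)" 2>/dev/null)" ]; then
        echo "WARN: $rc is not owned by $(id -un)"
        status=1
    fi

    # Writable by group or others, so another local user could alter it.
    if [ -n "$(find "$rc" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]; then
        echo "WARN: $rc is group- or world-writable"
        status=1
    fi

    # The option the advisory names as the demonstrated vector.
    if grep -q 'db-command' "$rc" 2>/dev/null; then
        echo "WARN: $rc sets --db-command; review it before running valgrind"
        status=1
    fi

    return $status
}
```

Call it as `check_valgrindrc /path/to/build/dir` and run valgrind there only when it returns 0.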

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=8576
  * http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4865
  * http://www.valgrind.org/docs/manual/dist.news.html