Valgrind: Untrusted search path — GLSA 200902-03

An untrusted search path vulnerability in Valgrind might result in the execution of arbitrary code.

Affected packages

dev-util/valgrind on all architectures
Affected versions < 3.4.0
Unaffected versions >= 3.4.0

Background

Valgrind is an open-source memory debugger.

Description

Tavis Ormandy reported that Valgrind loads a .valgrindrc file in the current working directory, executing commands specified there.

Impact

A local attacker could prepare a specially crafted .valgrindrc file and entice a user to run Valgrind from the directory containing that file, resulting in the execution of arbitrary code with the privileges of the user running Valgrind.

Workaround

Do not run "valgrind" from untrusted working directories.

Resolution

All Valgrind users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-util/valgrind-3.4.0"

References

Release date
February 12, 2009

Latest revision
February 12, 2009: 01

Severity
high

Exploitable
local

Bugzilla entries