CVE-2008-4394

Name of the Vulnerable Software and Affected Versions Portage versions prior to 2.1.4.5

Description The issue concerns untrusted search path vulnerabilities in Portage, allowing local users to execute arbitrary code via modified Python modules loaded by various ebuilds, including ys-apps/portage, net-mail/fetchmail, and app-editors/leo. This vulnerability can lead to a breach of confidentiality, integrity, and availability of protected information. It can be exploited locally.

Recommendations For versions prior to 2.1.4.5, update to version 2.1.4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable ebuilds until a patch is applied. Avoid using the affected ebuilds in sensitive environments until the issue is resolved.