PT-2008-6043 · Valgrind · Valgrind

Tavis Ormandy · Published 2008-10-31 · Updated 2024-06-15 · CVE-2008-4865

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Valgrind versions prior to 3.4.0

Description

The issue allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, using a malicious --db-command option. The severity of this issue has been disputed, but it is considered a potential risk because execution of a program from an untrusted directory is a common scenario.

Recommendations

For Valgrind versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of untrusted directories or restricting access to the .valgrindrc file to minimize the risk of exploitation.
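
The workaround above, as an added shell example that is not part of the advisory or of Valgrind: a pre-flight check for a .valgrindrc in the directory valgrind is about to be run from. The function name, its return codes and the ownership and permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Valgrind code): vet DIR/.valgrindrc before running valgrind
# from a directory you do not control.
# Usage: check_valgrindrc /path/to/dir && (cd /path/to/dir && valgrind ./prog)
# Returns 0 = nothing risky found, 1 = file is untrusted, 2 = sets --db-command.
check_valgrindrc() {
    vrc_dir=${1:-.}
    vrc_file="$vrc_dir/.valgrindrc"

    # Nothing there (not even a dangling symlink): nothing to load.
    if [ ! -e "$vrc_file" ] && [ ! -L "$vrc_file" ]; then
        echo "ok: no .valgrindrc in $vrc_dir"
        return 0
    fi

    # Policy assumption of this example: only a plain regular file is acceptable.
    if [ -L "$vrc_file" ] || [ ! -f "$vrc_file" ]; then
        echo "untrusted: $vrc_file is not a regular file"
        return 1
    fi

    # Numeric owner and mode string from ls -ldn (fields 3 and 1).
    vrc_owner=$(ls -ldn "$vrc_file" | awk '{print $3}')
    vrc_mode=$(ls -ldn "$vrc_file" | awk '{print $1}')

    if [ "$vrc_owner" != "$(id -u)" ]; then
        echo "untrusted: $vrc_file is owned by uid $vrc_owner"
        return 1
    fi

    # Character 6 of the mode string is group write, character 9 is other write.
    case $vrc_mode in
        ?????w*|????????w*)
            echo "untrusted: $vrc_file is group- or world-writable ($vrc_mode)"
            return 1 ;;
    esac

    # The advisory names --db-command as the option used to run a program.
    if grep -q -e '--db-command' "$vrc_file"; then
        echo "review: $vrc_file sets --db-command:"
        grep -n -e '--db-command' "$vrc_file"
        return 2
    fi

    echo "ok: $vrc_file is owned by you and sets no --db-command"
    return 0
}
```
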

Fix

Related identifiers

CVE-2008-4865
OPENSUSE-SU-2024:11492-1

Affected products

Valgrind