Back to search
CVE-2007-6249
Published: Dec 15, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev
x_refsource_CONFIRM
28094
third-party-advisory
x_refsource_SECUNIA
portage-etcupdate-information-disclosure(39035)
vdb-entry
x_refsource_XF
26864
vdb-entry
x_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=193589
x_refsource_CONFIRM
42636
vdb-entry
x_refsource_OSVDB
1019097
vdb-entry
x_refsource_SECTRACK
GLSA-200712-11
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now