Lucene search

MitreCVE-2007-6249

HistoryDec 15, 2007 - 1:46 a.m.

CVE-2007-6249

2007-12-1501:46:00

CWE-200

mitre

web.nvd.nist.gov

security

vulnerability

gentoo linux

etc-update

portage

cve-2007-6249

nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

Affected configurations

Nvd

Node

gentoolinux

AND

gentooportageRange≤2.1.3.10

VendorProductVersionCPE
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
gentooportage*cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::
gentoo	portage	*	cpe:2.3:a:gentoo:portage::::::::

References

bugs.gentoo.org/show_bug.cgi?id=193589

osvdb.org/42636

secunia.com/advisories/28094

sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev

www.gentoo.org/security/en/glsa/glsa-200712-11.xml

www.securityfocus.com/bid/26864

www.securitytracker.com/id?1019097

exchange.xforce.ibmcloud.com/vulnerabilities/39035

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2007-6249