CVE-2019-20384

2020-01-2100:15:14

Google

osv.dev

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

References

www.openwall.com/lists/oss-security/2020/01/21/1

bugs.gentoo.org/692492