CVE-2004-1107

Name of the Vulnerable Software and Affected Versions Portage versions 2.0.51-r2 and earlier

Description The issue allows local users to overwrite arbitrary files via a symlink attack on temporary files. Multiple vulnerabilities in the Portage package can lead to a breach of protected information integrity, and exploitation can be carried out locally.

Recommendations For Portage versions 2.0.51-r2 and earlier, consider updating to a version later than 2.0.51-r2 to resolve the issue. As a temporary workaround, consider restricting access to the dispatch-conf function to minimize the risk of exploitation. Avoid using dispatch-conf on untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.