PT-2004-1107 · Gentoo · Gentoo Linux+1
Published: 2004-11-07 · Updated: 2017-07-11 · CVE-2004-1108
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Gentoo Linux portage versions prior to 2.0.51-r2
Gentoolkit version 0.2.0 pre10 and earlier
Description
The issue concerns multiple vulnerabilities in the portage package of Gentoo Linux and a vulnerability in Gentoolkit. These vulnerabilities can be exploited locally, potentially leading to the compromise of protected information. Specifically, the vulnerability in Gentoolkit allows local users to overwrite arbitrary files through a symlink attack on a temporary directory.
Recommendations
For Gentoo Linux portage versions prior to 2.0.51-r2, update to version 2.0.51-r2 or later.
For Gentoolkit version 0.2.0 pre10 and earlier, avoid using qpkg until a fixed version is available, and consider restricting access to temporary directories to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Gentoo Linux
Gentoolkit