PT-2007-1123 · Gentoo · Portage

Published

2007-12-13

Updated

2017-08-08

CVE-2007-6249

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Portage versions prior to 2.1.3.11

Description: The issue concerns a problem where the permissions for the merge file are set based on the umask, often resulting in weaker permissions than those of the original files. This could allow local users to obtain sensitive information by reading the merge file. The exploitation of this issue can be done locally and may lead to the compromise of protected information.

Recommendations: For versions prior to 2.1.3.11, update to version 2.1.3.11 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2015-09614

CVE-2007-6249

Affected Products

Portage

PT-2007-1123 · Gentoo · Portage

CVE-2007-6249

Weakness Enumeration

Related Identifiers

Affected Products

References · 11