CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2019-20384
https://notcve.org/view.php?id=CVE-2019-20384
20 Jan 2020 — Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners. Gentoo Portage versiones hasta 2.3.84, permite a usuarios locales colocar un complemento de tipo caballo de Troya en el directorio /usr/lib64/nagios/plugins al aprovechar el acceso a la cuenta de usuario nagios, porque este directorio es escribible entre ... • http://www.openwall.com/lists/oss-security/2020/01/21/1 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18284 – Gentoo Linux Security Advisory 201806-03
https://notcve.org/view.php?id=CVE-2017-18284
04 Jun 2018 — The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. El paquete app-backup/burp de Gentoo, en versiones anteriores a la 2.1.32, establece la propiedad del directorio de archivos PID en la cuenta burp, lo que podría permitir que usuarios locales finalicen procesos arbitrarios aprovechando el... • https://bugs.gentoo.org/628770 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18285 – Gentoo Linux Security Advisory 201904-05
https://notcve.org/view.php?id=CVE-2017-18285
04 Jun 2018 — The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. El paquete app-backup/burp de Gentoo, en versiones anteriores a la 2.1.32, tiene la propiedad incorrecta del directorio /etc/burp, que podría permitir que usuarios locales obtengan acceso de lectura y escritura a archivos arbitrarios aprovechando el a... • https://bugs.gentoo.org/641842 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18225 – Gentoo Linux Security Advisory 201803-07
https://notcve.org/view.php?id=CVE-2017-18225
12 Mar 2018 — The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s, and jabberd2-sm in /usr/bin owned by the jabber account, which might allow local users to gain privileges by leveraging access to this account and then waiting for root to execute one of these programs. El paquete net-im/jabberd2 de Gentoo, hasta la versión 2.6.1, instala jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s y jabberd2-sm en /usr/bin, propiedad de la cuenta jabber. Esto podría perm... • https://bugs.gentoo.org/629412 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-18226 – Gentoo Linux Security Advisory 201803-07
https://notcve.org/view.php?id=CVE-2017-18226
12 Mar 2018 — The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of /var/run/jabber to the jabber account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script executes a "kill -TERM `cat /var/run/jabber/filename.pid`" command. El paquete net-im/jabberd2 de Gentoo, hasta la versión 2.6.1, establece la propiedad de /var/run/jabber en la cuenta jabber, lo que podría permitir que usuarios locales finalicen procesos arbi... • https://bugs.gentoo.org/631068 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-15945 – Gentoo Linux Security Advisory 201711-04
https://notcve.org/view.php?id=CVE-2017-15945
27 Oct 2017 — The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link. Los scripts de instalación en los paquetes dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster y dev-db/mariadb-galera de Gento en versiones anteriores a 2017-09... • https://bugs.gentoo.org/630822 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-14730
https://notcve.org/view.php?id=CVE-2017-14730
25 Sep 2017 — The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of a hard link. El script init en el paquete app-admin/logstash-bin de Gentoo en versiones anteriores a la 5.5.3 y las versiones 5.6.x anteriores a la 5.6.1 tiene llamadas "chown -R" para árboles de directorio escribibles por los usuarios, lo que permite que ... • https://bugs.gentoo.org/628558 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14484 – Gentoo Linux Security Advisory 201709-11
https://notcve.org/view.php?id=CVE-2017-14484
15 Sep 2017 — The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great Internet Mersenne Prime Search (GIMPS) allows local users to gain privileges by creating a hard link under /var/lib/gimps, because an unsafe "chown -R" command is executed. El paquete de Gentoo sci-mathematics/gimps en versiones anteriores a la 28.10-r1 para Great Internet Mersenne Prime Search (GIMPS) permite que usuarios locales obtengan privilegios mediante la creación de un vínculo físico en /var/lib/gimps debido a que se ejecuta un coma... • https://bugs.gentoo.org/show_bug.cgi?id=603408 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14483
https://notcve.org/view.php?id=CVE-2017-14483
15 Sep 2017 — flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command. flower.initd en el paquete de Gentoo dev-python/flower en versiones anteriores a la 0.9.1-r1 para Celery Flower establece la propiedad de los archivos PID a una cuenta que no es root, ... • https://bugs.gentoo.org/631020 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2004-2778
https://notcve.org/view.php?id=CVE-2004-2778
27 Jun 2017 — Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands. Ebuild en Gentoo puede cambiar los permisos de directorios y archivos en función del orden de los paquetes instalados, lo que permite a usuarios locales leer o escribir en directorios restringidos o ejecutar comandos restringido... • http://www.openwall.com/lists/oss-security/2017/01/28/7 • CWE-264: Permissions, Privileges, and Access Controls •