Page 2 of 7 results (0.008 seconds)

CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 2

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. etc-update en Portage before 2.1.3.11 sobre Gentoo Linux depende de umask para asignar permisos al fichero a unir, normalmente como resultado de permisos débiles que los archivos orignales, lo cual podría permitir a usuarios locales obtener información sensible a través de la lectura del fichero a unir. • http://bugs.gentoo.org/show_bug.cgi?id=193589 http://osvdb.org/42636 http://secunia.com/advisories/28094 http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml http://www.securityfocus.com/bid/26864 http://www.securitytracker.com/id?1019097 https://exchange.xforce.ibmcloud.com/vulnerabilities/39035 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. • http://secunia.com/advisories/11305 http://security.gentoo.org/glsa/glsa-200404-01.xml http://www.securityfocus.com/bid/10060 https://exchange.xforce.ibmcloud.com/vulnerabilities/15754 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •