Lucene search

[email protected]CVE-2007-6249

HistoryDec 15, 2007 - 1:46 a.m.

CVE-2007-6249

2007-12-1501:46:00

CWE-200

[email protected]

web.nvd.nist.gov

security

vulnerability

gentoo linux

etc-update

portage

cve-2007-6249

nvd

5.9 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

CPENameOperatorVersion
gentoo:portagegentoo portagele2.1.3.10

CPE	Name	Operator	Version
gentoo:portage	gentoo portage	le	2.1.3.10

References

bugs.gentoo.org/show_bug.cgi?id=193589

osvdb.org/42636

secunia.com/advisories/28094

sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev

www.gentoo.org/security/en/glsa/glsa-200712-11.xml

www.securityfocus.com/bid/26864

www.securitytracker.com/id?1019097

exchange.xforce.ibmcloud.com/vulnerabilities/39035

5.9 Medium

AI Score

Confidence

High

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2007-6249

nessus1 securityvulns2 prion1 gentoo1 openvas2