Lucene search

[email protected]NVD:CVE-2007-6249

HistoryDec 15, 2007 - 1:46 a.m.

CVE-2007-6249

2007-12-1501:46:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

Affected configurations

Nvd

Node

gentoolinux

AND

gentooportageRange≤2.1.3.10

VendorProductVersionCPE
gentoolinux*cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
gentooportage*cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gentoo	linux	*	cpe:2.3:o:gentoo:linux::::::::
gentoo	portage	*	cpe:2.3:a:gentoo:portage::::::::

References

bugs.gentoo.org/show_bug.cgi?id=193589

osvdb.org/42636

secunia.com/advisories/28094

sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev

www.gentoo.org/security/en/glsa/glsa-200712-11.xml

www.securityfocus.com/bid/26864

www.securitytracker.com/id?1019097

exchange.xforce.ibmcloud.com/vulnerabilities/39035

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2007-6249

nessus1 securityvulns2 prion1 openvas2 gentoo1 cve1 cvelist1