2 matches found
CVE-2019-20384
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners...
CVE-2019-20384
CVE-2019-20384 affects Gentoo Portage up to version 2.3.84. The issue arises from a writable /usr/lib64/nagios/plugins directory between emake and fowners calls, allowing a local attacker with Nagios access to place a Trojan plugin. Impact is a local privilege/impersonation risk (I/H) with a low ...