38 matches found
JabberD 2.x: Multiple vulnerabilities
Background: JabberD 2.x is an open source Jabber server written in C. Description: Multiple vulnerabilities have been discovered in Gentoo’s JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact: An attacker could possibly escalate privileges by owning system binaries ...
GLSA-201803-07 : JabberD 2.x: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-07 (JabberD 2.x: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Gentoo's JabberD 2.x ebuild. Please review the referenced CVE identifiers for details. Impact: An attacker could possibly escalate...
Gentoo Local Privilege Vulnerability
Gentoo is an open source Linux system from the Gentoo Foundation. Ebuild in Gentoo may change directory and file permissions based on the order of installed packages, which can be exploited by a local attacker to read or write to a restricted directory, execute restricted commands via the affecte...
CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands...
CVE-2004-2778
CVE-2004-2778 affects Gentoo’s ebuild handling: the order of installed packages can alter directory and file permissions, enabling a local attacker to read/write restricted dirs or run restricted commands by navigating affected paths. Connected sources corroborate Gentoo local privilege vulnerabi...
NGINX: Privilege escalation
Background: nginx is a robust, small, and high performance HTTP and reverse proxy server. Description: It was discovered that Gentoo’s default NGINX installation applied similar problematic permissions on “/var/log/nginx” as Debian DSA-3701 and is therefore vulnerable to the same attack described i...
Gentoo Security Advisory GLSA 201210-04 (ebuild)
The remote host is missing updates announced in advisory GLSA 201210-04. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Gentoo Security Advisory GLSA 201202-08 (ebuild stunnel)
The remote host is missing updates announced in advisory GLSA 201202-08. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Gentoo Security Advisory GLSA 200710-25 (mldonkey)
The remote host is missing updates announced in advisory GLSA 200710-25. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
MLDonkey: Privilege escalation
Background: MLDonkey is a peer-to-peer filesharing client that connects to several different peer-to-peer networks, including Overnet and BitTorrent. Description: The Gentoo MLDonkey ebuild adds a user to the system named "p2p" so that the MLDonkey service can run under a user with low privileges...
GLSA-200701-19 : OpenLDAP: Insecure usage of /tmp during installation
The remote host is affected by the vulnerability described in GLSA-200701-19 (OpenLDAP: Insecure usage of /tmp during installation). Tavis Ormandy of the Gentoo Linux Security Team has discovered that the file gencert.sh distributed with the Gentoo ebuild for OpenLDAP does not exit upon the existenc...
Code injection
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...
CVE-2006-0071
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0...
CVE-2006-0071
Pinentry on Gentoo is affected by CVE-2006-0071: the pinentry ebuild before 0.7.2-r2 sets the sgid bit on pinentry binaries, allowing local users to read or overwrite files with gid 0. Affected packages include pinentry, pinentry-curses, pinentry-gtk, and pinentry-gtk. Remediation: upgrade to pin...
CVE-2005-3785
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX eix before 0.5.0pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program...
CVE-2005-3785
The CVE-2005-3785 issue affects eix (Ebuild IndeX) prior to 0.5.0_pre2, where a second-order symlink vulnerability in the eix-sync.in path allows a local user to overwrite arbitrary files via a symlink to the exi.X.sync temporary file, processed by diff-eix. Exploitation is local and depends on c...