GLSA-200712-11 : Portage: Information disclosure

The remote host is affected by the vulnerability described in GLSA-200712-11 Portage: Information disclosure Mike Frysinger reported that the 'etc-update' utility uses temporary files with the standard umask, which results in the files being world-readable when merging configuration files in a...

Portage information leak

etc-update utilities stores sensitive information in insecure temporayr file...

CVE-2007-6249

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file...

Design/Logic Flaw

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file...

CVE-2007-6249

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file...

CVE-2007-6249

CVE-2007-6249 concerns Portage (Gentoo) = 2.1.3.11 (or apply equivalent patches) to mitigate the risk. If upgrading is not immediately possible, be aware that the description and related GLSAs/Nessus entries consistently describe an information-disclosure impact due to insecure temporary files du...