8 matches found
EUVD-2004-1105
Malware in sbrugna...
EUVD-2019-10936
Malware in sbrugna...
CVE-2016-20021
In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...
Man-in-the-middle(MitM) Attack
Gentoo Portage is vulnerable to a Man-in-the-Middle MitM attack. The vulnerability exists due to the failure of emerge-webrsync to perform PGP signature verification on downloaded .gpgsig files, allowing an attacker to inject malicious code during the file download process...
GHSA-8823-XPHR-QW9V Gentoo Portage does not verify X.509 certificates from SSL servers
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
PYSEC-2014-115
The urlopen function in pym/portage/util/urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate...
CVE-2004-1107
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files...
[ GLSA 200411-13 ] Portage, Gentoolkit: Temporary file vulnerabilities
Gentoo Linux Security Advisory GLSA 200411-13:01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -...