Symlink Vulnerability in Portage by Gentoo Linux
CVE-2004-1107

Currently unrated

Key Information:

Vendor

Gentoo

Status
Linux
Vendor
CVE Published:
10 January 2005

What is CVE-2004-1107?

The Portage package manager, specifically version 2.0.51-r2 and earlier, is vulnerable to a symlink attack. This vulnerability allows local users to create symbolic links (symlinks) pointing to arbitrary files. When the 'dispatch-conf' command is executed, it may inadvertently overwrite these designated files, leading to potential unauthorized modifications. Users should ensure they update their Portage version to mitigate this risk and safeguard their systems from possible exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/13108/
third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/11616
vdb-entryx_refsource_BID
http://bugs.gentoo.org/show_bug.cgi?id=69147
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.