Symlink Vulnerability in Portage by Gentoo Linux
CVE-2004-1107

Currently unrated

Key Information:

Vendor: Gentoo
Status: Linux
Vendor: CVE Published:; 10 January 2005

What is CVE-2004-1107?

The Portage package manager, specifically version 2.0.51-r2 and earlier, is vulnerable to a symlink attack. This vulnerability allows local users to create symbolic links (symlinks) pointing to arbitrary files. When the 'dispatch-conf' command is executed, it may inadvertently overwrite these designated files, leading to potential unauthorized modifications. Users should ensure they update their Portage version to mitigate this risk and safeguard their systems from possible exploits.

References

http://secunia.com/advisories/13108/

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/11616

vdb-entryx_refsource_BID

http://bugs.gentoo.org/show_bug.cgi?id=69147

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 10, 2005
Vulnerability Reserved
Nov 30, 2004