Directory and File Permission Vulnerability in Gentoo Linux
CVE-2004-2778

7.1HIGH

Key Information:

Vendor

Gentoo

Status
Portage
Vendor
CVE Published:
27 June 2017

What is CVE-2004-2778?

A vulnerability in the Ebuild system of Gentoo Linux allows local users to impact directory and file permissions. The issue arises from the order in which packages are installed, potentially granting users access to restricted directories or enabling execution of restricted commands. This misconfiguration could lead to unauthorized reading or writing of files, posing a significant security risk.

References

https://bugs.gentoo.org/show_bug.cgi?id=141619
x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2017/01/28/7
mailing-listx_refsource_MLIST
https://bugs.gentoo.org/show_bug.cgi?id=58611
x_refsource_CONFIRM

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.