Information Disclosure Vulnerability in Gentoo Linux Portage
CVE-2007-6249

Currently unrated

Key Information:

Vendor: Gentoo
Status: Portage
Vendor: CVE Published:; 15 December 2007

What is CVE-2007-6249?

The etc-update component in Portage prior to version 2.1.3.11 on Gentoo Linux has a design flaw where it depends on the umask setting to determine permissions for the merge file. This may lead to insufficient permission levels compared to the original files, enabling local users to access sensitive information by reading the improperly secured merge file.

References

http://sources.gentoo.org/viewcvs.py/portage?rev=7799&vie...

x_refsource_CONFIRM

http://secunia.com/advisories/28094

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/39035

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 15, 2007
Vulnerability Reserved
Dec 5, 2007