RSS   Vulnerabilities for 'Portage'   RSS

2020-01-21
 
CVE-2019-20384

CWE-281
 

 
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

 
2017-06-27
 
CVE-2004-2778

 

 
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.

 
2014-09-29
 
CVE-2013-2100

 

 
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate.

 
2008-10-10
 
CVE-2008-4394

CWE-Other
 

 
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.

 
2007-12-14
 
CVE-2007-6249

 

 
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

 

 >>> Vendor: Gentoo 27 Products
Linux
Syslinux
Mirrorselect
Poppassd pam
Webmin
Rootkit hunter
Linux webapp-config
Linux eix
Qt-unixodbc
Nview
Xnview
App-crypt pinentry
Media-libs jpeg
FILE
Glibc
Nvclock
Mldonkey ebuild
Portage
Xdg-utils
Php toolkit
CMAN
Fence
Logrotate
Nullmailer
Libsndfile
Dev-python-flower
Sci-mathematics-gimps


Copyright 2021, cxsecurity.com

 

Back to Top