Vulnerability CVE-2019-20384
Published: 2020-01-21

Description:
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

Type:

CWE-281

 (Improper Preservation of Permissions)

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Gentoo -> Portage 

 References:
http://www.openwall.com/lists/oss-security/2020/01/21/1
https://bugs.gentoo.org/692492
Copyright 2024, cxsecurity.com

 

Back to Top