Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NGentoo Portage
APPGentoo≤ 2.3.84
Powiązane podatności
Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not veri...
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory...
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...