MEDIUM🇵🇱 Wersja polska

CVE-2019-20384

CVSS 5.5v3.1pub. 2020-01-21upd. 2024-11-21

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
  • Gentoo Portage

    APP
    Gentoo
    ≤ 2.3.84
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-20021CRITICAL9.8PL ✓ten sam produkt

Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync

CVE-2004-2778HIGH7.1ten sam produkt

Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...

CVE-2013-2100HIGH9.3ten sam produkt

The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not veri...

CVE-2008-4394MEDIUM6.9ten sam produkt

Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory...

CVE-2004-1901MEDIUM5.5ten sam produkt

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...