CVE-2007-6249

CWE-200Information Exposure3 documents3 sources
Severity
2.1LOW
EPSS
0.1%
top 76.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Gentoo Portage
Timeline
PublishedDec 15
Latest updateMay 1

Description

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

CVSS vector

AV:L/AC:L/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

NVDgentoo/portage2.1.3.10

🔴Vulnerability Details

2
GHSA
GHSA-vfqg-qqv4-ghx2: etc-update in Portage before 22022-05-01
CVEList
CVE-2007-6249: etc-update in Portage before 22007-12-15
CVE-2007-6249 (LOW CVSS 2.1) | etc-update in Portage before 2.1.3. | cvebase.io