CVE-2007-6249
Summary
| CVE | CVE-2007-6249 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-12-15 01:46:00 UTC |
| Updated | 2017-08-08 01:29:00 UTC |
| Description | etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| sources.gentoo.org/viewcvs.py/portage | CONFIRM | sources.gentoo.org | Exploit |
| Gentoo Portage May Disclose Information to Local Users - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Portage 'etc-update' Local Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| Gentoo Portage "etc-update" Information Disclosure - Advisories - Secunia | SECUNIA | secunia.com | |
| 42636 | OSVDB | osvdb.org | |
| Gentoo Bug 193589 - sys-apps/portage < 2.1.3.11 File disclosure when when merging with etc-update (CVE-2007-6249) | CONFIRM | bugs.gentoo.org | Exploit |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Gentoo Linux Documentation -- Portage: Information disclosure | GENTOO | www.gentoo.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.