{"api_version":"1","generated_at":"2026-05-13T03:12:06+00:00","cve":"CVE-2007-6249","urls":{"html":"https://cve.report/CVE-2007-6249","api":"https://cve.report/api/cve/CVE-2007-6249.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-6249","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-6249"},"summary":{"title":"CVE-2007-6249","description":"etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-12-15 01:46:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"2.1","severity":"","vector":"AV:L/AC:L/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://bugs.gentoo.org/show_bug.cgi?id=193589","name":"http://bugs.gentoo.org/show_bug.cgi?id=193589","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Gentoo Bug 193589 - sys-apps/portage < 2.1.3.11 File disclosure when when merging with etc-update (CVE-2007-6249)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019097","name":"http://www.securitytracker.com/id?1019097","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Portage May Disclose Information to Local Users - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/26864","name":"http://www.securityfocus.com/bid/26864","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Portage 'etc-update' Local Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml","name":"http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  Portage: Information disclosure","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39035","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39035","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/42636","name":"http://osvdb.org/42636","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/28094","name":"http://secunia.com/advisories/28094","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Portage \"etc-update\" Information Disclosure - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev","name":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-6249","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-6249","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"6249","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"gentoo","cpe5":"linux","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"6249","vulnerable":"1","versionEndIncluding":"2.1.3.10","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gentoo","cpe5":"portage","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:02:36.433Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev"},{"name":"28094","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/28094"},{"name":"portage-etcupdate-information-disclosure(39035)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39035"},{"name":"26864","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/26864"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=193589"},{"name":"42636","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/42636"},{"name":"1019097","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019097"},{"name":"GLSA-200712-11","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-09-24T00:00:00.000Z","descriptions":[{"lang":"en","value":"etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev"},{"name":"28094","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/28094"},{"name":"portage-etcupdate-information-disclosure(39035)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39035"},{"name":"26864","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/26864"},{"tags":["x_refsource_CONFIRM"],"url":"http://bugs.gentoo.org/show_bug.cgi?id=193589"},{"name":"42636","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/42636"},{"name":"1019097","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019097"},{"name":"GLSA-200712-11","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-6249","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev","refsource":"CONFIRM","url":"http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev"},{"name":"28094","refsource":"SECUNIA","url":"http://secunia.com/advisories/28094"},{"name":"portage-etcupdate-information-disclosure(39035)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/39035"},{"name":"26864","refsource":"BID","url":"http://www.securityfocus.com/bid/26864"},{"name":"http://bugs.gentoo.org/show_bug.cgi?id=193589","refsource":"CONFIRM","url":"http://bugs.gentoo.org/show_bug.cgi?id=193589"},{"name":"42636","refsource":"OSVDB","url":"http://osvdb.org/42636"},{"name":"1019097","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019097"},{"name":"GLSA-200712-11","refsource":"GENTOO","url":"http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-6249","datePublished":"2007-12-15T01:00:00.000Z","dateReserved":"2007-12-05T00:00:00.000Z","dateUpdated":"2024-08-07T16:02:36.433Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-12-15 01:46:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*","matchCriteriaId":"647BA336-5538-4972-9271-383A0EC9378E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*","versionEndIncluding":"2.1.3.10","matchCriteriaId":"0464455F-56EB-4349-B9E5-0B3B2941EC86"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"6249","Ordinal":"1","Title":"CVE-2007-6249","CVE":"CVE-2007-6249","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"6249","Ordinal":"1","NoteData":"etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.","Type":"Description","Title":"CVE-2007-6249"},{"CveYear":"2007","CveId":"6249","Ordinal":"2","NoteData":"2007-12-14","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"6249","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}