CVE-2004-2778
HIGH
Gentoo Portage - Unprotected User Data Exposure via Directory and File Permission Changes
Title source: llm
Description
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands by navigating to the affected directories or executing the affected commands.
References (6)
Core References
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=141619
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2017/01/28/7
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=58611
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=607426
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=396153
Vendor Advisory x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=607430
Scores
CVSS v3
7.1
EPSS
0.0005
EPSS Percentile
15.1%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-264
Status
published
Products (1)
gentoo/portage
Published
Jun 27, 2017
Tracked Since
Feb 18, 2026