Description
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/22211
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16120
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18284
Patch, Vendor Advisory vendor-advisory
x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml
Scores
EPSS
0.0005
EPSS Percentile
16.8%
Details
Status
published
Products (2)
gentoo/app-crypt_pinentry
0.7.2 (2 CPE variants)
gentoo/linux
Published
Jan 04, 2006
Tracked Since
Feb 18, 2026