Description
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
References (8)
Core References
http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev (Exploit, x_refsource_confirm)
http://secunia.com/advisories/28094 (Third Party Advisory, third-party-advisory, x_refsource_secunia)
https://exchange.xforce.ibmcloud.com/vulnerabilities/39035 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_xf)
http://www.securityfocus.com/bid/26864 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_bid)
http://bugs.gentoo.org/show_bug.cgi?id=193589 (Exploit, x_refsource_confirm)
http://osvdb.org/42636 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_osvdb)
http://www.securitytracker.com/id?1019097 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_sectrack)
http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml (Third Party Advisory, vendor-advisory, x_refsource_gentoo)
Scores
EPSS: 0.0008
EPSS Percentile: 23.1%
Details
CWE: CWE-200
Status: published
Products (1): gentoo/portage < 2.1.3.10
Published: Dec 15, 2007
Tracked Since: Feb 18, 2026