Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.
oryginał ENCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NGentoo Linux
OSGentoo1.4Gentoo Portage
APPGentoo2.0.50< 2.0.50
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Referencje
Powiązane podatności
CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt
Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2
CVE-2016-20021CRITICAL9.8PL ✓ten sam produkt
Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync
CVE-2024-12085HIGH7.5ten sam produkt
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...
CVE-2022-23220HIGH7.8ten sam produkt
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...
CVE-2017-18284HIGH7.1ten sam produkt
The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp acco...