Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
oryginał ENAV:L/AC:M/Au:N/C:C/I:C/A:CGentoo Portage
APPGentoo2.0.51.222.1.12.1.3.102.1.3.11≤ 2.1.4.4
Powiązane podatności
Brak weryfikacji podpisu PGP w Gentoo Portage emerge-webrsync
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which...
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not veri...
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugi...
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfil...