CVE-2007-6249

medium

Description

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/39035

http://www.securitytracker.com/id?1019097

http://www.securityfocus.com/bid/26864

http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml

http://secunia.com/advisories/28094

http://osvdb.org/42636

Details

Source: Mitre, NVD

Published: 2007-12-15

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium