Vulnerability Description
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gentoo | Portage | All versions |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/01/28/7Mailing ListThird Party Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=141619Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=396153Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=58611Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=607426Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=607430Vendor Advisory
- http://www.openwall.com/lists/oss-security/2017/01/28/7Mailing ListThird Party Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=141619Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=396153Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=58611Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=607426Vendor Advisory
- https://bugs.gentoo.org/show_bug.cgi?id=607430Vendor Advisory
FAQ
What is CVE-2004-2778?
CVE-2004-2778 is a vulnerability with a CVSS score of 7.1 (HIGH). Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted comma...
How severe is CVE-2004-2778?
CVE-2004-2778 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2778?
Check the references section above for vendor advisories and patch information. Affected products include: Gentoo Portage.