MEDIUM · 6.6

CVE-2006-0071

Vulnerability Description

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

CVSS Score

6.6

MEDIUM

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:N
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: NONE

Affected Products

Vendor | Product | Versions
Gentoo | App-Crypt Pinentry | 0.7.2
Gentoo | Linux | All versions

References

FAQ

What is CVE-2006-0071?

CVE-2006-0071 is a vulnerability with a CVSS score of 6.6 (MEDIUM). The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

How severe is CVE-2006-0071?

CVE-2006-0071 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2006-0071?

Check the references section above for vendor advisories and patch information. Affected products include: Gentoo App-Crypt Pinentry, Gentoo Linux.