Vulnerability Details CVE-2004-2778
Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or executing the affected commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 15.0%
CVSS Severity
CVSS v3 Score 7.1
CVSS v2 Score 3.6
References
- http://www.openwall.com/lists/oss-security/2017/01/28/7
- https://bugs.gentoo.org/show_bug.cgi?id=141619
- https://bugs.gentoo.org/show_bug.cgi?id=396153
- https://bugs.gentoo.org/show_bug.cgi?id=58611
- https://bugs.gentoo.org/show_bug.cgi?id=607426
- https://bugs.gentoo.org/show_bug.cgi?id=607430
- http://www.openwall.com/lists/oss-security/2017/01/28/7
- https://bugs.gentoo.org/show_bug.cgi?id=141619
- https://bugs.gentoo.org/show_bug.cgi?id=396153
- https://bugs.gentoo.org/show_bug.cgi?id=58611
- https://bugs.gentoo.org/show_bug.cgi?id=607426
- https://bugs.gentoo.org/show_bug.cgi?id=607430
Products affected by CVE-2004-2778
-
cpe:2.3:a:gentoo:portage:-
-
cpe:2.3:a:gentoo:portage:2.0.50
-
cpe:2.3:a:gentoo:portage:2.0.51.22
-
cpe:2.3:a:gentoo:portage:2.1.1
-
cpe:2.3:a:gentoo:portage:2.1.3.10
-
cpe:2.3:a:gentoo:portage:2.1.4.4
-
cpe:2.3:a:gentoo:portage:2.3.79
-
cpe:2.3:a:gentoo:portage:2.3.80
-
cpe:2.3:a:gentoo:portage:2.3.81
-
cpe:2.3:a:gentoo:portage:2.3.82
-
cpe:2.3:a:gentoo:portage:2.3.83
-
cpe:2.3:a:gentoo:portage:2.3.84
-
cpe:2.3:a:gentoo:portage:2.3.85
-
cpe:2.3:a:gentoo:portage:3.0.47