Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Gentoo: GLSA-202310-08 Critical: Portage Unauthorized Directory Escalation

gentoo
Calendar Grey October 9, 2008
Dist Gentoo Esm H88
Regional intruders might take advantage of this insecure path flaw in Gentoo Portage, allowing them to run commands with administrative rights.
A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories

Summary

Gentoo Linux Security Advisory GLSA 200810-02 https://security.gentoo.org/ Severity: High Title: Portage: Untrusted search path local root vulnerability Date: October 09, 2008 Bugs: #239560 ID: 200810-02

Synopsis ======= A search path vulnerability in Portage allows local attackers to execute commands with root privileges if emerge is called from untrusted directories.
Background ========= Portage is Gentoo's package manager which is responsible for installing, compiling and updating all packages on the system through the Gentoo rsync tree.
Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 sys-apps/portage < 2.1.4.5 >= 2.1.4.5
========== The Gentoo Security T...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory Gentoo high severity access control local root untrusted path Portage

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

Topics%20covered

Topics Covered

security advisory Gentoo high severity access control local root untrusted path Portage

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here