exploitDog

CVE-2004-1901

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS3: 5.5

CVSS2: 4.6

EPSS Низкий

Описание

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

Ссылки

http://secunia.com/advisories/11305
Broken Link
Patch
http://security.gentoo.org/glsa/glsa-200404-01.xml
Vendor Advisory
http://www.securityfocus.com/bid/10060
Broken Link
Patch
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15754
Third Party Advisory
VDB Entry
http://secunia.com/advisories/11305
Broken Link
Patch
http://security.gentoo.org/glsa/glsa-200404-01.xml
Vendor Advisory
http://www.securityfocus.com/bid/10060
Broken Link
Patch
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15754
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*

Версия до 2.0.50 (исключая)

cpe:2.3:a:gentoo:portage:2.0.50:-:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:-:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*

cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00054

Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-59

CWE-59

Связанные уязвимости

GHSA-m82x-j38m-84qv

CVSS3: 5.5

github

почти 4 года назад

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

EPSS

Процентиль: 17%

0.00054

Низкий

5.5 Medium

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-59

CWE-59