The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
References
Configurations
History
21 Nov 2024, 00:05
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/18284 - | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml - Patch, Vendor Advisory | |
References | () http://www.osvdb.org/22211 - | |
References | () http://www.securityfocus.com/bid/16120 - Patch |
Information
Published : 2006-01-04 00:03
Updated : 2024-11-21 00:05
NVD link : CVE-2006-0071
Mitre link : CVE-2006-0071
CVE.ORG link : CVE-2006-0071
JSON object : View
Products Affected
gentoo
- app-crypt_pinentry
- linux
CWE