CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Gentoo : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-2032 264 Bypass 2013-11-17 2013-11-24
5.0
None Remote Low Not required None Partial None
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
2 CVE-2013-2031 79 XSS 2013-11-17 2014-04-19
4.3
None Remote Medium Not required None Partial None
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
3 CVE-2013-0348 264 +Info 2013-12-13 2014-01-13
2.1
None Local Low Not required Partial None None
thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.
4 CVE-2012-4893 352 Exec Code CSRF 2012-09-11 2012-09-12
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
5 CVE-2012-2983 287 2012-09-11 2013-05-29
5.0
None Remote Low Not required Partial None None
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
6 CVE-2012-2982 Exec Code 2012-09-11 2013-05-29
6.5
None Remote Low Single system Partial Partial Partial
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
7 CVE-2012-2981 20 Exec Code 2012-09-11 2013-05-29
6.0
None Remote Medium Single system Partial Partial Partial
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
8 CVE-2011-1550 264 2011-03-30 2011-04-07
6.3
None Local Medium Not required None Complete Complete
The default configuration of logrotate on SUSE openSUSE Factory uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories for the (1) cobbler, (2) inn, (3) safte-monitor, and (4) uucp packages.
9 CVE-2011-1549 264 2011-03-30 2011-04-20
6.3
None Local Medium Not required None Complete Complete
The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.
10 CVE-2011-1548 264 2011-03-30 2011-04-20
6.3
None Local Medium Not required None Complete Complete
The default configuration of logrotate on Debian GNU/Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by /var/log/postgresql/.
11 CVE-2011-1155 399 DoS 2011-03-30 2011-04-20
1.9
None Local Medium Not required None None Partial
The writeState function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to cause a denial of service (rotation outage) via a (1) \n (newline) or (2) \ (backslash) character in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
12 CVE-2011-1154 20 Exec Code 2011-03-30 2011-04-20
6.9
None Local Medium Not required Complete Complete Complete
The shred_file function in logrotate.c in logrotate 3.7.9 and earlier might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostname or virtual machine name.
13 CVE-2011-1098 362 2011-03-30 2011-04-20
1.9
None Local Medium Not required Partial None None
Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
14 CVE-2010-1159 119 DoS Exec Code Overflow 2013-10-28 2013-10-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
15 CVE-2008-4580 59 2008-10-15 2011-02-14
7.2
Admin Local Low Not required Complete Complete Complete
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
16 CVE-2008-4579 59 2008-10-15 2013-01-22
1.9
None Local Medium Not required None Partial None
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
17 CVE-2008-4394 Exec Code 2008-10-10 2009-07-23
6.9
Admin Local Medium Not required Complete Complete Complete
Multiple untrusted search path vulnerabilities in Portage before 2.1.4.5 include the current working directory in the Python search path, which allows local users to execute arbitrary code via a modified Python module that is loaded by the (1) ys-apps/portage, (2) net-mail/fetchmail, (3) app-editors/leo ebuilds, and other ebuilds.
18 CVE-2008-1734 20 DoS 2008-04-18 2008-09-05
3.6
None Local Low Not required Partial None Partial
Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.
19 CVE-2008-1383 310 2008-03-18 2008-11-13
1.9
None Local Medium Not required Partial None None
The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.
20 CVE-2008-1078 59 2008-02-28 2009-01-10
7.2
Admin Local Low Not required Complete Complete Complete
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
21 CVE-2008-0386 20 Exec Code 2008-02-04 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
22 CVE-2007-6249 200 +Info 2007-12-14 2008-11-15
2.1
None Local Low Not required None Partial None
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
23 CVE-2007-5714 287 Exec Code 2007-10-30 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account with an empty default password and valid login shell, which might allow remote attackers to obtain login access and execute arbitrary code.
24 CVE-2007-3531 2007-07-25 2008-11-15
6.6
Admin Local Medium Single system Complete Complete Complete
The set_default_speeds function in backend/backend.c in NVidia NVClock before 0.8b2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/nvclock temporary file.
25 CVE-2007-3508 189 Exec Code Overflow 2007-07-03 2012-11-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe that this issue is exploitable for code execution.
26 CVE-2007-2194 1 Exec Code Overflow 2007-04-24 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in XnView 1.90.3 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
27 CVE-2007-2026 DoS 2007-04-13 2008-11-15
7.8
None Remote Low Not required None None Complete
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressions that use wildcards, as originally reported for AMaViS.
28 CVE-2007-1500 2007-03-19 2008-11-13
4.3
None Local Low Single system Partial Partial Partial
The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.
29 CVE-2007-0476 2007-01-24 2008-11-15
4.6
User Local Low Not required Partial Partial Partial
The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack.
30 CVE-2006-3005 DoS 2006-06-13 2008-09-05
5.0
None Remote Low Not required None None Partial
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
31 CVE-2006-1390 Exec Code Overflow 2006-03-24 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
32 CVE-2006-0071 2006-01-03 2008-09-05
6.6
None Local Low Not required Complete Complete None
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
33 CVE-2005-4595 Exec Code 2005-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
34 CVE-2005-4279 +Priv 2005-12-16 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
35 CVE-2005-3785 2005-11-23 2008-09-05
5.0
None Remote Low Not required None Partial None
Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program.
36 CVE-2005-3625 399 DoS 2005-12-31 2010-10-18
10.0
None Remote Low Not required Complete Complete Complete
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
37 CVE-2005-3624 189 Overflow 2005-12-31 2010-11-19
5.0
None Remote Low Not required None Partial None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
38 CVE-2005-2557 XSS 2005-09-28 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.
39 CVE-2005-1707 2005-05-24 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
40 CVE-2005-1270 2005-04-26 2008-09-05
2.1
None Local Low Not required None Partial None
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
41 CVE-2005-1267 DoS 2005-06-10 2010-08-21
5.0
None Remote Low Not required None None Partial
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
42 CVE-2005-1121 Exec Code 2005-05-02 2008-09-05
5.0
None Remote Low Not required None Partial None
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.
43 CVE-2005-0988 2005-05-02 2010-08-21
3.7
None Local High Not required Partial Partial Partial
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
44 CVE-2005-0754 Exec Code 2005-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
45 CVE-2005-0667 Exec Code Overflow 2005-03-07 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.
46 CVE-2005-0535 CSRF 2005-02-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
47 CVE-2005-0470 DoS Overflow 2005-03-14 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
48 CVE-2005-0427 2005-05-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
49 CVE-2005-0206 Overflow 2005-04-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
50 CVE-2005-0077 2005-05-02 2010-08-21
2.1
None Local Low Not required None Partial None
The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
Total number of vulnerabilities : 161   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.