Vulnerability Details : CVE-2006-0071
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
Products affected by CVE-2006-0071
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:app-crypt_pinentry:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:gentoo:app-crypt_pinentry:0.7.2:r1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-0071
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-0071
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.6 | MEDIUM | AV:L/AC:L/Au:N/C:C/I:C/A:N | 3.9 | 9.2 | NIST | |
References for CVE-2006-0071
- http://www.securityfocus.com/bid/16120 (Patch)
- http://www.gentoo.org/security/en/glsa/glsa-200601-01.xml (Patch; Vendor Advisory)