CVE-2019-20384 - Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/na

CVE-2019-20384

Summary

Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.

References

http://www.openwall.com/lists/oss-security/2020/01/21/1
https://bugs.gentoo.org/692492

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

21-01-2020 - 00:15

Published

21-01-2020 - 00:15

Last modified

21-01-2020 - 13:19