Vulnerabilities > CVE-2019-20384 - Improper Preservation of Permissions vulnerability in Gentoo Portage
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |