Exploits Discovered - Published CVE-2019-20384
Title: Portage insecure temporary location
Author: Michael Orlitzky
Fixed in: commit ef8c21e5, version 2.3.94
The Gentoo Portage package manager builds packages in a temporary location. By default, that temporary location is accessible to unprivileged users even though the build essentially takes place as root. In some common situations (during reinstalls, for example), this leaves the source tree momentarily writable by an existing system user, who can exploit the situation to gain root.
Complete details here: http://michael.orlitzky.com/cves/cve-2019-20384.xhtml
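An audit check for the condition described above, added here as an example; it is not code from the advisory or from Portage. It assumes the build root is `/var/tmp/portage` (the location under the default `PORTAGE_TMPDIR`, which this page does not state); pass a different path if yours is customised. The function name is hypothetical.

```python
import os
import stat
import sys

# Assumption: default Portage build root; not stated in the advisory text.
DEFAULT_BUILD_ROOT = "/var/tmp/portage"


def audit_build_root(root=DEFAULT_BUILD_ROOT):
    """Return (path, problem) tuples for permissions that let unprivileged
    users reach or modify a build tree."""
    findings = []
    try:
        top = os.lstat(root)
    except FileNotFoundError:
        return findings  # nothing has been built yet, nothing to audit
    if not stat.S_ISDIR(top.st_mode):
        return [(root, "not a directory (symlink or file)")]
    # Any r/w/x bit for "other" lets every local user list or enter the root.
    if top.st_mode & stat.S_IRWXO:
        findings.append((root, "accessible to other users (mode %04o)"
                         % stat.S_IMODE(top.st_mode)))
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # build trees are transient; entry vanished mid-scan
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                findings.append((path, "world-writable"))
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_BUILD_ROOT
    results = audit_build_root(root)
    for path, problem in results:
        print(f"{path}: {problem}")
    sys.exit(1 if results else 0)
```

Run it as root so the walk can read the whole tree; a non-zero exit status means at least one finding.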