Exploits Discovered - Published CVE-2019-20384

Security News - Jan 21, 2020

Title: Portage insecure temporary location
Author: Michael Orlitzky
Fixedin: commit ef8c21e5, version 2.3.94


The Gentoo portage package manager builds packages in a temporary location. By default, that temporary location is accessible to unprivileged users even though the build essentially takes place as root. In some common situations (during reinstalls, for example), this leaves the source tree momentarily writable by an existing system user who can exploit the situation to gain root.

Learn More

Complete details here: http://michael.orlitzky.com/cves/cve-2019-20384.xhtml

Under no circumstances should you send an email to ackbar@viabit.com .

 For more information, call 410-667-3600