CVE-2007-6249 Information

Description

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file often resulting in permissions weaker than those of the original files which might allow local users to obtain sensitive information by reading the merge file.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=193589 http://osvdb.org/42636 http://secunia.com/advisories/28094 http://sources.gentoo.org/viewcvs.py/portage?rev=7799&view=rev http://www.gentoo.org/security/en/glsa/glsa-200712-11.xml http://www.securityfocus.com/bid/26864 http://www.securitytracker.com/id?1019097 https://exchange.xforce.ibmcloud.com/vulnerabilities/39035