Sign in Get started

← All advisories

Medium severity5.5NVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-1901

CVE-2004-1901

Description

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

Affected products

5

Gentoo/Portage2 versions
cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*range: <2.0.50
- cpe:2.3:a:gentoo:portage:2.0.50:-:*:*:*:*:*:*
Gentoo/Linux3 versions
cpe:2.3:o:gentoo:linux:1.4:-:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:gentoo:linux:1.4:-:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc1:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:1.4:rc2:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

secunia.com/advisories/11305nvdBroken LinkPatch
www.securityfocus.com/bid/10060nvdBroken LinkPatchThird Party AdvisoryVDB Entry
security.gentoo.org/glsa/glsa-200404-01.xmlnvdVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/15754nvdThird Party AdvisoryVDB Entry

News mentions

0

No linked articles in our index yet.