Unrated severityNVD Advisory· Published Dec 15, 2007· Updated Jun 16, 2026
CVE-2007-6249
CVE-2007-6249
Description
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*range: <=2.1.3.10
- (no CPE)range: <2.1.3.11
Patches
Vulnerability mechanics
References
8- bugs.gentoo.org/show_bug.cginvdExploit
- sources.gentoo.org/viewcvs.py/portagenvdExploit
- osvdb.org/42636nvd
- secunia.com/advisories/28094nvd
- www.gentoo.org/security/en/glsa/glsa-200712-11.xmlnvd
- www.securityfocus.com/bid/26864nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/39035nvd
News mentions
0No linked articles in our index yet.