Unrated severityNVD Advisory· Published Dec 15, 2007· Updated Apr 23, 2026

CVE-2007-6249

Description

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

Affected products

Gentoo/Portage
cpe:2.3:a:gentoo:portage:*:*:*:*:*:*:*:*
Range: <=2.1.3.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.gentoo.org/show_bug.cginvdExploit
sources.gentoo.org/viewcvs.py/portagenvdExploit
osvdb.org/42636nvd
secunia.com/advisories/28094nvd
www.gentoo.org/security/en/glsa/glsa-200712-11.xmlnvd
www.securityfocus.com/bid/26864nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/39035nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000