CVE-2004-1901

nvd nist

Published: Dec 31, 2004Modified: Apr 16, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles.

Affected (5)

Products: Gentoo: Linux, Portage

Gentoo

2 products

Linux

Portage

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Gentoo Linux	Version 1.4
Gentoo Linux	Version 1.4 rc1
Gentoo Linux	Version 1.4 rc2
Gentoo Portage	Before 2.0.50
Gentoo Portage	Version 2.0.50

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (8)

http://secunia.com/advisories/11305

Source: cve@mitre.org

Broken LinkPatch

http://security.gentoo.org/glsa/glsa-200404-01.xml

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/10060

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/15754

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://secunia.com/advisories/11305

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatch

http://security.gentoo.org/glsa/glsa-200404-01.xml

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/10060

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchThird Party AdvisoryVDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/15754

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.