The ebuild for pinentry prior to 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gentoo app-crypt pinentry 0.7.2 |
||
gentoo linux |