Note:
This project will be discontinued after December 13, 2021. [more]
2018-06-04
The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
| Products | Burp |
| Type | Incorrect Permission Assignment for Critical Resource (CWE-732) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://security.gentoo.org/glsa/201806-03
• https://bugs.gentoo.org/641842 • https://security.gentoo.org/glsa/201904-05 |