{"id":"CVE-2019-20384","details":"Gentoo Portage through 2.3.84 allows local users to place a Trojan horse plugin in the /usr/lib64/nagios/plugins directory by leveraging access to the nagios user account, because this directory is writable in between a call to emake and a call to fowners.","modified":"2026-03-14T09:36:52.617662Z","published":"2020-01-21T00:15:14.563Z","references":[{"type":"REPORT","url":"https://bugs.gentoo.org/692492"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2020/01/21/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gentoo/portage","events":[{"introduced":"0"},{"last_affected":"b69ca62cd09f54ccbeeb320fd5d462d257f69b01"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.3.84"}]}}],"versions":["master1","portage-2.3.0","portage-2.3.1","portage-2.3.10","portage-2.3.11","portage-2.3.12","portage-2.3.13","portage-2.3.14","portage-2.3.15","portage-2.3.16","portage-2.3.17","portage-2.3.18","portage-2.3.19","portage-2.3.2","portage-2.3.20","portage-2.3.21","portage-2.3.22","portage-2.3.23","portage-2.3.24","portage-2.3.25","portage-2.3.26","portage-2.3.27","portage-2.3.28","portage-2.3.29","portage-2.3.3","portage-2.3.30","portage-2.3.31","portage-2.3.32","portage-2.3.33","portage-2.3.34","portage-2.3.35","portage-2.3.36","portage-2.3.37","portage-2.3.38","portage-2.3.39","portage-2.3.4","portage-2.3.40","portage-2.3.41","portage-2.3.42","portage-2.3.43","portage-2.3.44","portage-2.3.45","portage-2.3.46","portage-2.3.47","portage-2.3.48","portage-2.3.49","portage-2.3.5","portage-2.3.50","portage-2.3.51","portage-2.3.52","portage-2.3.53","portage-2.3.54","portage-2.3.55","portage-2.3.56","portage-2.3.57","portage-2.3.58","portage-2.3.59","portage-2.3.6","portage-2.3.60","portage-2.3.61","portage-2.3.62","portage-2.3.63","portage-2.3.64","portage-2.3.65","portage-2.3.66","portage-2.3.67","portage-2.3.68","portage-2.3.69","portage-2.3.7","portage-2.3.70","portage-2.3.71","portage-2.3.72","portage-2.3.73","portage-2.3.74","portage-2.3.75","portage-2.3.76","portage-2.3.77","portage-2.3.78","portage-2.3.79","portage-2.3.80","portage-2.3.81","portage-2.3.82","portage-2.3.83","portage-2.3.84","portage-2.3.9","repoman-2.3.0","repoman-2.3.1","repoman-2.3.10","repoman-2.3.11","repoman-2.3.12","repoman-2.3.13","repoman-2.3.14","repoman-2.3.15","repoman-2.3.16","repoman-2.3.17","repoman-2.3.18","repoman-2.3.19","repoman-2.3.2","repoman-2.3.20","repoman-2.3.3","repoman-2.3.5","repoman-2.3.6","repoman-2.3.7","repoman-2.3.8","repoman-2.3.9","v2.0.53_rc4_2111","v2.0.53_rc5","v2.0.53_rc6","v2.0.53_rc7","v2.1","v2.1.1","v2.1.2","v2.1.2-r3","v2.1_pre1","v2.1_pre10","v2.1_pre2","v2.1_pre3","v2.1_pre5_2760","v2.1_pre5_2761","v2.1_pre6","v2.1_pre7","v2.1_pre8","v2.1_pre9","v2.1_rc1","v2.1_rc2","v2.1_rc3","v2.1_rc4","v2.2.0","v2.2.0_alpha1","v2.2.0_alpha10","v2.2.0_alpha100","v2.2.0_alpha101","v2.2.0_alpha102","v2.2.0_alpha103","v2.2.0_alpha104","v2.2.0_alpha105","v2.2.0_alpha106","v2.2.0_alpha107","v2.2.0_alpha108","v2.2.0_alpha109","v2.2.0_alpha11","v2.2.0_alpha110","v2.2.0_alpha111","v2.2.0_alpha112","v2.2.0_alpha113","v2.2.0_alpha114","v2.2.0_alpha115","v2.2.0_alpha116","v2.2.0_alpha117","v2.2.0_alpha118","v2.2.0_alpha119","v2.2.0_alpha12","v2.2.0_alpha120","v2.2.0_alpha121","v2.2.0_alpha122","v2.2.0_alpha123","v2.2.0_alpha124","v2.2.0_alpha125","v2.2.0_alpha126","v2.2.0_alpha127","v2.2.0_alpha128","v2.2.0_alpha129","v2.2.0_alpha13","v2.2.0_alpha130","v2.2.0_alpha131","v2.2.0_alpha132","v2.2.0_alpha133","v2.2.0_alpha134","v2.2.0_alpha135","v2.2.0_alpha136","v2.2.0_alpha137","v2.2.0_alpha138","v2.2.0_alpha139","v2.2.0_alpha14","v2.2.0_alpha140","v2.2.0_alpha141","v2.2.0_alpha142","v2.2.0_alpha143","v2.2.0_alpha144","v2.2.0_alpha145","v2.2.0_alpha146","v2.2.0_alpha147","v2.2.0_alpha148","v2.2.0_alpha149","v2.2.0_alpha15","v2.2.0_alpha150","v2.2.0_alpha151","v2.2.0_alpha152","v2.2.0_alpha153","v2.2.0_alpha154","v2.2.0_alpha155","v2.2.0_alpha156","v2.2.0_alpha157","v2.2.0_alpha158","v2.2.0_alpha159","v2.2.0_alpha16","v2.2.0_alpha160","v2.2.0_alpha161","v2.2.0_alpha162","v2.2.0_alpha163","v2.2.0_alpha164","v2.2.0_alpha165","v2.2.0_alpha166","v2.2.0_alpha167","v2.2.0_alpha168","v2.2.0_alpha169","v2.2.0_alpha17","v2.2.0_alpha170","v2.2.0_alpha171","v2.2.0_alpha172","v2.2.0_alpha173","v2.2.0_alpha174","v2.2.0_alpha175","v2.2.0_alpha176","v2.2.0_alpha177","v2.2.0_alpha178","v2.2.0_alpha179","v2.2.0_alpha18","v2.2.0_alpha180","v2.2.0_alpha181","v2.2.0_alpha182","v2.2.0_alpha183","v2.2.0_alpha184","v2.2.0_alpha185","v2.2.0_alpha186","v2.2.0_alpha187","v2.2.0_alpha188","v2.2.0_alpha189","v2.2.0_alpha19","v2.2.0_alpha190","v2.2.0_alpha191","v2.2.0_alpha192","v2.2.0_alpha193","v2.2.0_alpha194","v2.2.0_alpha195","v2.2.0_alpha196","v2.2.0_alpha2","v2.2.0_alpha20","v2.2.0_alpha21","v2.2.0_alpha22","v2.2.0_alpha23","v2.2.0_alpha24","v2.2.0_alpha25","v2.2.0_alpha26","v2.2.0_alpha27","v2.2.0_alpha28","v2.2.0_alpha29","v2.2.0_alpha3","v2.2.0_alpha30","v2.2.0_alpha31","v2.2.0_alpha32","v2.2.0_alpha33","v2.2.0_alpha34","v2.2.0_alpha35","v2.2.0_alpha36","v2.2.0_alpha37","v2.2.0_alpha38","v2.2.0_alpha39","v2.2.0_alpha4","v2.2.0_alpha40","v2.2.0_alpha41","v2.2.0_alpha42","v2.2.0_alpha43","v2.2.0_alpha44","v2.2.0_alpha45","v2.2.0_alpha46","v2.2.0_alpha47","v2.2.0_alpha48","v2.2.0_alpha49","v2.2.0_alpha5","v2.2.0_alpha50","v2.2.0_alpha51","v2.2.0_alpha52","v2.2.0_alpha53","v2.2.0_alpha54","v2.2.0_alpha55","v2.2.0_alpha56","v2.2.0_alpha57","v2.2.0_alpha58","v2.2.0_alpha59","v2.2.0_alpha6","v2.2.0_alpha60","v2.2.0_alpha61","v2.2.0_alpha62","v2.2.0_alpha63","v2.2.0_alpha64","v2.2.0_alpha65","v2.2.0_alpha66","v2.2.0_alpha67","v2.2.0_alpha68","v2.2.0_alpha69","v2.2.0_alpha7","v2.2.0_alpha70","v2.2.0_alpha71","v2.2.0_alpha72","v2.2.0_alpha73","v2.2.0_alpha74","v2.2.0_alpha75","v2.2.0_alpha76","v2.2.0_alpha77","v2.2.0_alpha78","v2.2.0_alpha79","v2.2.0_alpha8","v2.2.0_alpha80","v2.2.0_alpha81","v2.2.0_alpha82","v2.2.0_alpha83","v2.2.0_alpha84","v2.2.0_alpha85","v2.2.0_alpha86","v2.2.0_alpha87","v2.2.0_alpha88","v2.2.0_alpha89","v2.2.0_alpha9","v2.2.0_alpha90","v2.2.0_alpha91","v2.2.0_alpha92","v2.2.0_alpha93","v2.2.0_alpha94","v2.2.0_alpha95","v2.2.0_alpha96","v2.2.0_alpha97","v2.2.0_alpha98","v2.2.0_alpha99","v2.2.1","v2.2.10","v2.2.11","v2.2.12","v2.2.13","v2.2.14","v2.2.14_rc1","v2.2.15","v2.2.16","v2.2.17","v2.2.18","v2.2.19","v2.2.2","v2.2.20","v2.2.21","v2.2.22","v2.2.23","v2.2.24","v2.2.25","v2.2.26","v2.2.27","v2.2.28","v2.2.3","v2.2.4","v2.2.5","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.2_pre2","v2.2_pre3","v2.2_pre4","v2.2_pre6","v2.2_pre7","v2.2_pre8","v2.2_rc1","v2.2_rc10","v2.2_rc11","v2.2_rc12","v2.2_rc13","v2.2_rc14","v2.2_rc15","v2.2_rc16","v2.2_rc17","v2.2_rc18","v2.2_rc19","v2.2_rc2","v2.2_rc20","v2.2_rc21","v2.2_rc22","v2.2_rc23","v2.2_rc24","v2.2_rc25","v2.2_rc26","v2.2_rc27","v2.2_rc28","v2.2_rc29","v2.2_rc3","v2.2_rc30","v2.2_rc31","v2.2_rc32","v2.2_rc33","v2.2_rc34","v2.2_rc35","v2.2_rc36","v2.2_rc37","v2.2_rc38","v2.2_rc39","v2.2_rc4","v2.2_rc40","v2.2_rc41","v2.2_rc42","v2.2_rc43","v2.2_rc44","v2.2_rc45","v2.2_rc46","v2.2_rc47","v2.2_rc48","v2.2_rc48_14769","v2.2_rc49","v2.2_rc5","v2.2_rc50","v2.2_rc51","v2.2_rc52","v2.2_rc53","v2.2_rc54","v2.2_rc55","v2.2_rc56","v2.2_rc57","v2.2_rc58","v2.2_rc59","v2.2_rc6","v2.2_rc60","v2.2_rc61","v2.2_rc62","v2.2_rc63","v2.2_rc64","v2.2_rc65","v2.2_rc66","v2.2_rc67","v2.2_rc68","v2.2_rc69","v2.2_rc7","v2.2_rc70","v2.2_rc71","v2.2_rc72","v2.2_rc73","v2.2_rc74","v2.2_rc75","v2.2_rc76","v2.2_rc77","v2.2_rc78","v2.2_rc79","v2.2_rc8","v2.2_rc80","v2.2_rc81","v2.2_rc82","v2.2_rc83","v2.2_rc84","v2.2_rc85","v2.2_rc86","v2.2_rc87","v2.2_rc88","v2.2_rc9","v2.2_rc90","v2.2_rc91","v2.2_rc92","v2.2_rc93","v2.2_rc94","v2.2_rc95","v2.2_rc96","v2.2_rc97","v2.2_rc98","v2.2_rc99","v2.3.0_rc1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-20384.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}