CVE-2011-3351

Name of the Vulnerable Software and Affected Versions openvas-scanner versions prior to 2011-09-11

Description The issue allows a local attacker to conduct symlink attacks, potentially overwriting arbitrary files on the system. This is due to the insecure creation of a temporary file when generating OVAL system characteristics documents with the ovaldi integrated tool enabled.

Recommendations For versions prior to 2011-09-11, update to a version released after 2011-09-11 to resolve the issue. As a temporary workaround, consider disabling the ovaldi integrated tool until a patch is available. Restrict access to the temporary files generated by openvas-scanner to minimize the risk of exploitation.