PT-2014-5653 · Cisofy · Lynis

Murray Mcallister

Published

2014-06-08

Updated

2014-06-09

CVE-2014-3982

CVSS v2.0

3.3

Low

Vector

AV:L/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Lynis version 1.5.4 and earlier

Description The issue allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file in the include/tests webservers component of Lynis.

Recommendations For versions prior to 1.5.5, consider updating to version 1.5.5 or later to resolve the issue. As a temporary workaround, restrict access to the /tmp directory to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2014-3982

Affected Products

Lynis

PT-2014-5653 · Cisofy · Lynis

CVE-2014-3982

Weakness Enumeration

Related Identifiers

Affected Products

References · 5