GLSA Bodhisattva
Posted: Thu Aug 12, 2004 2:53 pm Post subject: [ GLSA 200408-11 ] Nessus: "adduser" race conditio
Gentoo Linux Security Advisory
Title: Nessus: "adduser" race condition vulnerability (GLSA 200408-11)
Severity: normal
Exploitable: local
Date: August 12, 2004
Updated: May 22, 2006
Bug(s): #58014
ID: 200408-11
Synopsis
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.
Background
Nessus is a free and powerful network security scanner.
Affected Packages
Package: net-analyzer/nessus
Vulnerable: <= 2.0.11
Unaffected: >= 2.0.12
Architectures: All supported architectures
Description
A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.
Impact
A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".
Workaround
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
Resolution
All Nessus users should upgrade to the latest version:
Code:
# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"
References
Secunia Advisory
CVE-2004-1445
Last edited by GLSA on Mon Oct 30, 2006 4:16 am; edited 4 times in total
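Added example, not part of the advisory and not Nessus code: the advisory does not describe the race beyond the unset TMPDIR condition, so this assumes the common form of that bug class, a guessable file name under the shared /tmp, and shows it beside a hardened pattern. All function names and the "adduser.*" file name are hypothetical.

```shell
#!/bin/sh
# Added illustration; function names and the "adduser.*" file name are
# hypothetical and do not come from the advisory or from Nessus.

# Risky pattern: with TMPDIR unset this resolves to the world-writable /tmp,
# and the name is guessable, so another local user can create the path
# before the privileged script does.
predictable_path() {
    printf '%s/adduser.%s\n' "${TMPDIR:-/tmp}" "$1"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the
# directory atomically with mode 0700, so the /tmp fallback no longer matters.
private_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/adduser.XXXXXXXXXX" )
}

# Create a file only if nothing exists at the path yet. noclobber makes the
# shell open with O_EXCL, which also fails on a dangling symlink.
create_exclusive() {
    ( set -C; : > "$1" ) 2>/dev/null
}

# Permission string of a directory, e.g. "drwx------".
dir_mode() {
    ls -ld "$1" | cut -c1-10
}
```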