Joined: 13 Jun 2003
Location: Dresden, Germany
|Posted: Thu Aug 12, 2004 2:53 pm Post subject: [ GLSA 200408-11 ] Nessus: "adduser" race conditio
|Gentoo Linux Security Advisory
Title: Nessus: "adduser" race condition vulnerability (GLSA 200408-11)
Date: August 12, 2004
Updated: May 22, 2006
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.
Nessus is a free and powerful network security scanner.
Vulnerable: <= 2.0.11
Unaffected: >= 2.0.12
Architectures: All supported architectures
A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
|# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"
Last edited by GLSA on Mon Oct 30, 2006 4:16 am; edited 4 times in total