Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Moderator
Moderator


Joined: 13 Jun 2003
Posts: 4087
Location: Dresden, Germany

PostPosted: Thu Aug 12, 2004 2:53 pm    Post subject: [ GLSA 200408-11 ] Nessus: "adduser" race conditio Reply with quote

Gentoo Linux Security Advisory

Title: Nessus: "adduser" race condition vulnerability (GLSA 200408-11)
Severity: normal
Exploitable: local
Date: August 12, 2004
Updated: May 22, 2006
Bug(s): #58014
ID: 200408-11

Synopsis

Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.

Background

Nessus is a free and powerful network security scanner.

Affected Packages

Package: net-analyzer/nessus
Vulnerable: <= 2.0.11
Unaffected: >= 2.0.12
Architectures: All supported architectures


Description

A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.

Impact

A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.

Resolution

All Nessus users should upgrade to the latest version:
Code:
# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"


References

Secunia Advisory
CVE-2004-1445


Last edited by GLSA on Mon Oct 30, 2006 4:16 am; edited 4 times in total
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum