CVE-2014-3986CVE-2014-3986

Affected configuration(s):

cpe:/a:cisofy:lynis:1.5.0
cpe:/a:cisofy:lynis:1.5.1
cpe:/a:cisofy:lynis:1.5.2
cpe:/a:cisofy:lynis:1.5.3
cpe:/a:cisofy:lynis:1.5.4

Date published: 2014-06-08T14:55:06.673-04:00

Date last modified: 2014-06-09T13:23:07.507-04:00

CVSS Score: 3.3

Principal attack vector: LOCAL

Complexity:  MEDIUM

Reference URL: http://cisofy.com/files/lynis-1.5.5.tar.gz

Summary: include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *