Lucene search

PRIOn knowledge basePRION:CVE-2014-3986

HistoryJun 08, 2014 - 6:55 p.m.

Design/Logic Flaw

2014-06-0818:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.

CPENameOperatorVersion
lyniseq1.5.2
lyniseq1.5.0
lyniseq1.5.3
lynisle1.5.4
lyniseq1.5.1

Name	Operator	Version
lynis	eq	1.5.2
lynis	eq	1.5.0
lynis	eq	1.5.3
lynis	le	1.5.4
lynis	eq	1.5.1

References

openwall.com/lists/oss-security/2014/06/05/14

openwall.com/lists/oss-security/2014/06/06/12

openwall.com/lists/oss-security/2014/06/07/3

seclists.org/fulldisclosure/2014/Jun/21

cisofy.com/files/lynis-1.5.5.tar.gz