include/tests_webservers in Lynis prior to 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisofy lynis |
||
cisofy lynis 1.5.2 |
||
cisofy lynis 1.5.0 |
||
cisofy lynis 1.5.3 |
||
cisofy lynis 1.5.1 |