Unspecified tests in Lynis prior to 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.
Unspecified tests in Lynis before 250 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file (CVE-2017-8108) ...
Michael Scherer discovered that some Lynis tests reuse the same temporary file As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resourc ...