Published: 08/06/2017 Updated: 07/11/2023

CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 409

Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Unspecified tests in Lynis prior to 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisofy lynis

Unspecified tests in Lynis before 250 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file (CVE-2017-8108) ...

Michael Scherer discovered that some Lynis tests reuse the same temporary file As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resourc ...

CWE-59 https://github.com/CISOfy/lynis/releases/tag/2.5.0 https://cisofy.com/security/cve/cve-2017-8108/http://www.securityfocus.com/bid/99288 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZJHLLWNW7NASVXCK24YBSIUQQPWGCMB5/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UJXMPYANXHI25NQZ36QMXNXANDRAA5YG/https://nvd.nist.gov https://alas.aws.amazon.com/ALAS-2017-847.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-8108

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect