Vulnerability Description
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
CVSS Score
3.3
LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisofy | Lynis | <= 1.5.4 |
Related Weaknesses (CWE)
References
- http://cisofy.com/files/lynis-1.5.5.tar.gzPatch
- http://openwall.com/lists/oss-security/2014/06/05/14
- http://openwall.com/lists/oss-security/2014/06/06/12
- http://openwall.com/lists/oss-security/2014/06/07/3
- http://cisofy.com/files/lynis-1.5.5.tar.gzPatch
- http://openwall.com/lists/oss-security/2014/06/05/14
- http://openwall.com/lists/oss-security/2014/06/06/12
- http://openwall.com/lists/oss-security/2014/06/07/3
FAQ
What is CVE-2014-3982?
CVE-2014-3982 is a vulnerability with a CVSS score of 3.3 (LOW). include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
How severe is CVE-2014-3982?
CVE-2014-3982 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3982?
Check the references section above for vendor advisories and patch information. Affected products include: Cisofy Lynis.