Vulnerability Description
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
CVSS Score
3.3
LOW
AV:L/AC:M/Au:N/C:N/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisofy | Lynis | <= 1.5.4 |
Related Weaknesses (CWE)
References
- http://cisofy.com/files/lynis-1.5.5.tar.gz
- http://openwall.com/lists/oss-security/2014/06/05/14
- http://openwall.com/lists/oss-security/2014/06/06/12
- http://openwall.com/lists/oss-security/2014/06/07/3
- http://seclists.org/fulldisclosure/2014/Jun/21
- http://cisofy.com/files/lynis-1.5.5.tar.gz
- http://openwall.com/lists/oss-security/2014/06/05/14
- http://openwall.com/lists/oss-security/2014/06/06/12
- http://openwall.com/lists/oss-security/2014/06/07/3
- http://seclists.org/fulldisclosure/2014/Jun/21
FAQ
What is CVE-2014-3986?
CVE-2014-3986 is a vulnerability with a CVSS score of 3.3 (LOW). include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
How severe is CVE-2014-3986?
CVE-2014-3986 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3986?
Check the references section above for vendor advisories and patch information. Affected products include: Cisofy Lynis.