Arch Linux Security Advisory ASA-201705-20
=========================================
Severity: High
Date    : 2017-05-22
CVE-ID  : CVE-2017-8108
Package : lynis
Type    : arbitrary file overwrite
Remote  : No
Link    : https://security.archlinux.org/AVG-278

Summary
======
The package lynis before version 2.5.0-1 is vulnerable to arbitrary
file overwrite.

Resolution
=========
Upgrade to 2.5.0-1.

# pacman -Syu "lynis>=2.5.0-1"

The problem has been fixed upstream in version 2.5.0.

Workaround
=========
None.

Description
==========
Michael Scherer discovered that some Lynis tests reuse the same
temporary file. As some tests remove the temporary file, this might
give an attacker the possibility to perform a link following attack.
While timing must be perfect, there is a very small time window in
which the attack can recreate the temporary file and symlink it to
another resource, like a file. In this case data may be overwritten, or
possibly executed.

Impact
=====
A local unprivileged attacker is able to overwrite arbitrary files on
the filesystem possibly leading to privilege escalation.

References
=========
https://bugs.archlinux.org/task/54067
https://cisofy.com/security/cve/cve-2017-8108/
https://security.archlinux.org/CVE-2017-8108

ArchLinux: 201705-20: lynis: arbitrary file overwrite

May 22, 2017

Summary

Michael Scherer discovered that some Lynis tests reuse the same temporary file. As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack. While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resource, like a file. In this case data may be overwritten, or possibly executed.

Resolution

Upgrade to 2.5.0-1. # pacman -Syu "lynis>=2.5.0-1"
The problem has been fixed upstream in version 2.5.0.

References

https://bugs.archlinux.org/task/54067 https://cisofy.com/security/cve/cve-2017-8108/ https://security.archlinux.org/CVE-2017-8108

Severity
Package : lynis
Type : arbitrary file overwrite
Remote : No
Link : https://security.archlinux.org/AVG-278

Workaround

None.

Related News

5.ShakingHands Esm H320
3 - 5 min read
There has been a promising shift in the tech industry, with major companies pledging to release products with built-in security features. This
18.WifiCutout Landscape Esm H320
2 - 3 min read
A novel attack called TunnelVision has been discovered. It compromises the security of virtually all VPN apps, rendering their purpose useless. The
21.Globe RadiatingCode Esm H320
2 - 3 min read
The recent discovery of a backdoor in XZ Utils , a widely used Linux tool, raises concerns about the security of the open-source ecosystem. While
13.Lock StylizedMotherboard Esm H320
1 - 2 min read
Spiral Linux is a Debian-based distribution that offers a range of desktop environments, making it stand out from other Linux distributions. In
32.Lock Code Circular Esm H320
2 - 3 min read
Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL . The vulnerabilities assigned
1.Penguin Landscape Esm H320
2 - 3 min read
The recent release of AlmaLinux 9.4 , closely aligned with Red Hat Enterprise Linux (RHEL) 9.4 , presents Linux admins and infosec professionals
11.Locks IsometricPattern Esm H320
2 - 3 min read
The upcoming release of Linux Mint 22 will introduce significant changes, particularly in handling XApp , GNOME applications, and the Software
2.Motherboard Esm H320
2 - 3 min read
German software engineer Lennart Poettering recently presented run0 , a new tool in systemd v256 that aims to address the security concerns
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved