Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200408-11
HistoryAug 12, 2004 - 12:00 a.m.

Nessus: "adduser" race condition vulnerability

2004-08-1200:00:00
Gentoo Foundation
security.gentoo.org
6

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Background

Nessus is a free and powerful network security scanner.

Description

A race condition can occur in “nessus-adduser” if the user has not configured their TMPDIR variable.

Impact

A malicious user could exploit this bug to escalate privileges to the rights of the user running “nessus-adduser”.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.

Resolution

All Nessus users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=net-analyzer/nessus-2.0.12"
 # emerge ">=net-analyzer/nessus-2.0.12"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-analyzer/nessus<= 2.0.11UNKNOWN

Related

nessus 1
openvas 2
cve 1
nessus
nessus
GLSA-200408-11 : Nessus: 'adduser' race condition vulnerability
2004-08-30 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200408-11 (Nessus)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200408-11 (Nessus)
2008-09-24 00:00:00
cve
cve
CVE-2004-1445
2004-12-31 05:00:00

3.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON
Related for GLSA-200408-11
nessus1openvas2cve1