3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
Nessus is a free and powerful network security scanner.
A race condition can occur in “nessus-adduser” if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running “nessus-adduser”.
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Gentoo | any | all | net-analyzer/nessus | <= 2.0.11 | UNKNOWN |