Nessus nessus-adduser Race Condition

2004-07-22T04:56:44
ID OSVDB:8167
Type osvdb
Reporter Cyrille Barthelemy(cb-publicbox@ifrance.com)
Modified 2004-07-22T04:56:44

Description

Vulnerability Description

Nessus contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a race condition when users do not configure their TMPDIR variable. This flaw may lead to a loss of Integrity.

Solution Description

Upgrade to version 2.0.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Nessus contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by a race condition when users do not configure their TMPDIR variable. This flaw may lead to a loss of Integrity.

References:

Vendor URL: http://www.nessus.org/ Vendor Specific Advisory URL Secunia Advisory ID:12127 Secunia Advisory ID:12288 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200408-11.xml ISS X-Force ID: 16768 CVE-2004-1445