4 matches found
[oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 39 if "$OS" = "AIX" ; then 40 TMPFILE=/tmp/lynis.$$ We can make a CVE assignment corresponding to your disclosure of this lynis.$$ issue on oss-security. Use CVE-2014-3982. A CVE for this most likely won't or shouldn't have a...
CVE-2014-3986
include/testswebservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis..unsorted file with an easily determined name...
CVE-2014-3986
include/testswebservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis..unsorted file with an easily determined name...
CVE-2014-3986
The CVE-2014-3986 entry concerns Lynis (before 1.5.5) where a symlink attack on a temporary file (/tmp/lynis.*.unsorted) can allow local users to overwrite arbitrary files. The underlying issue is a path/temporary-file handling weakness that enables a symlink to point to a target file, enabling m...