7 matches found
Amazon Linux AMI : lynis (ALAS-2020-1419)
The version of lynis installed on the remote host is prior to 3.0.0-1.17. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1419 advisory. In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is...
Fedora: Security Advisory for lynis (FEDORA-2020-f251753b0f)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : lynis (2020-059e1591d6)
Update to 3.0.0 rhbz 1848716, Fixes CVE-2020-13882 / CVE-2019-13033 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Fedora 32 : lynis (2020-f251753b0f)
Update to 3.0.0 rhbz 1848716, fixes CVE-2020-13882 / CVE-2019-13033 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2020-13882
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and contro...
CVE-2020-13882
CVE-2020-13882 affects CISOfy Lynis prior to 3.0.0, where an incorrect access control due to a TOCTOU race in log/report permission checks can be bypassed locally. An unprivileged attacker could set up a log/report file, manipulate it during the check, then recreate/remove it for follow-on attack...
Several issues in Lynis
lynis update: This release resolves two security issues CVE-2020-13882 - Discovered by Sander Bos, code submission by Katarina Durechova CVE-2019-13033 - Discovered by Sander Bos...