Security
Security
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.
| Package | net-analyzer/nessus on all architectures |
|---|---|
| Affected versions | <= 2.0.11 |
| Unaffected versions | >= 2.0.12 |
Nessus is a free and powerful network security scanner.
A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
# emerge sync # emerge -pv ">=net-analyzer/nessus-2.0.12" # emerge ">=net-analyzer/nessus-2.0.12"
Release date
August 12, 2004
Latest revision
May 22, 2006: 02
Severity
normal
Exploitable
local
Bugzilla entries