Nessus: "adduser" race condition vulnerability
Gentoo Linux Security Advisory
||GLSA 200408-11 / Nessus
||August 12, 2004
||May 22, 2006: 02
All supported architectures
Nessus contains a vulnerability allowing a user to perform a privilege
Nessus is a free and powerful network security scanner.
A race condition can occur in "nessus-adduser" if the user has not
configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the
rights of the user running "nessus-adduser".
There is no known workaround at this time. All users are encouraged to
upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge sync
# emerge -pv ">=net-analyzer/nessus-2.0.12"
# emerge ">=net-analyzer/nessus-2.0.12"