1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200408-11 / Nessus |
| Release Date | August 12, 2004 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-analyzer/nessus | <= 2.0.11 | >= 2.0.12 | All supported architectures |
Related bugreports: #58014
Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.
Nessus is a free and powerful network security scanner.
A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge sync
    # emerge -pv ">=net-analyzer/nessus-2.0.12"
    # emerge ">=net-analyzer/nessus-2.0.12"
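
The description above names an unset TMPDIR as the condition for the race. As an added example (not code from Nessus or from this advisory), the following sh script shows how an administrative script can create its scratch directory safely in that case. It assumes the race is the common predictable-temporary-path pattern, which the advisory does not spell out, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example, not code from nessus-adduser. Function names are hypothetical.
# Assumption: the script needs a scratch directory and TMPDIR may be unset.

# Unsafe pattern, shown as a comment only: a guessable name in a shared
# directory can be created first by another local user.
#   workdir="${TMPDIR:-/tmp}/adduser.$$"; mkdir -p "$workdir"

# Succeed only if $1 is a real directory (not a symlink), owned by us,
# with no group or other access.
is_private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    # First 10 characters of ls -ld are the type and permission bits.
    [ "$(ls -ld "$1" | cut -c1-10)" = "drwx------" ]
}

# Print the path of a newly created private directory.
# mktemp -d picks an unpredictable name and fails if it already exists,
# so a pre-planted file or symlink is never adopted.
make_private_tmp() {
    _base=${TMPDIR:-/tmp}        # /tmp is only the parent, never the work area
    _dir=$(umask 077; mktemp -d "$_base/adduser.XXXXXXXXXX") || return 1
    is_private_dir "$_dir" || { rmdir "$_dir" 2>/dev/null; return 1; }
    printf '%s\n' "$_dir"
}

# Demo with TMPDIR unset, the case the advisory calls out.
work=$(unset TMPDIR; make_private_tmp) || exit 1
trap 'rm -rf "$work"' EXIT
echo "private scratch directory: $work"
```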