Candidate: CVE-2017-8108
PublicDate: 2017-06-08 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8108
 https://cisofy.com/security/cve/cve-2017-8108/
 https://github.com/CISOfy/lynis/releases/tag/2.5.0
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJXMPYANXHI25NQZ36QMXNXANDRAA5YG/
 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJHLLWNW7NASVXCK24YBSIUQQPWGCMB5/
Description:
 Unspecified tests in Lynis before 2.5.0 allow local users to write to
 arbitrary files or possibly gain privileges via a symlink attack on a
 temporary file.
Ubuntu-Description:
Notes:
 sbeattie> symlink hardening
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]

Patches_lynis:
 upstream: https://github.com/CISOfy/lynis/commit/a9b67dc67579539436f49b7835d21abe870b1564
upstream_lynis: released (2.5.0-1)
precise/esm_lynis: DNE
trusty_lynis: ignored (reached end-of-life)
trusty/esm_lynis: DNE (trusty was needs-triage)
vivid/stable-phone-overlay_lynis: DNE
vivid/ubuntu-core_lynis: DNE
xenial_lynis: ignored (end of standard support, was needed)
yakkety_lynis: ignored (reached end-of-life)
zesty_lynis: ignored (reached end-of-life)
artful_lynis: not-affected (2.5.0-1)
bionic_lynis: not-affected (2.5.0-1)
cosmic_lynis: not-affected (2.5.0-1)
disco_lynis: not-affected (2.5.0-1)
eoan_lynis: not-affected (2.5.0-1)
focal_lynis: not-affected (2.5.0-1)
groovy_lynis: not-affected (2.5.0-1)
hirsute_lynis: not-affected (2.5.0-1)
impish_lynis: not-affected (2.5.0-1)
jammy_lynis: not-affected (2.5.0-1)
devel_lynis: not-affected (2.5.0-1)