Candidate: CVE-2014-3986
PublicDate: 2014-06-08 18:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3986
 http://seclists.org/fulldisclosure/2014/Jun/21
 http://openwall.com/lists/oss-security/2014/06/07/3
 http://openwall.com/lists/oss-security/2014/06/06/12
 http://openwall.com/lists/oss-security/2014/06/05/14
 http://cisofy.com/files/lynis-1.5.5.tar.gz
Description:
 include/tests_webservers in Lynis before 1.5.5 allows local users to
 overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted
 file with an easily determined name.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Tags_lynis: symlink-restriction hardlink-restriction
Patches_lynis:
upstream_lynis: released (1.5.5)
lucid_lynis: ignored (reached end-of-life)
precise_lynis: ignored (reached end-of-life)
precise/esm_lynis: DNE (precise was needed)
saucy_lynis: ignored (reached end-of-life)
trusty_lynis: ignored (reached end-of-life)
trusty/esm_lynis: DNE (trusty was needed)
utopic_lynis: ignored (reached end-of-life)
vivid_lynis: ignored (reached end-of-life)
vivid/stable-phone-overlay_lynis: DNE
vivid/ubuntu-core_lynis: DNE
wily_lynis: ignored (reached end-of-life)
xenial_lynis: not-affected (1.5.5-1)
yakkety_lynis: ignored (reached end-of-life)
zesty_lynis: ignored (reached end-of-life)
artful_lynis: ignored (reached end-of-life)
bionic_lynis: not-affected (1.5.5-1)
cosmic_lynis: not-affected (1.5.5-1)
disco_lynis: not-affected (1.5.5-1)
devel_lynis: not-affected (1.5.5-1)