CVE-2017-8108
| Vendor | cpe:2.3:a:cisofy |
| Product | cpe:2.3:a:cisofy:lynis |
| CWE | 59 |
Description
Michael Scherer discovered that some Lynis tests reuse the same temporary file. As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack. While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resource, like a file. In this case data may be overwritten, or possibly executed.
Mitigation
Upgrade to Lynis 2.5.0 or later.
Linux users may use sysctl and set both fs.protected_hardlinks=1 and fs.protected_symlinks=1, which may reduce the impact for this type of attack.
References
- Lynis (Latest version)