Michael Scherer discovered that some Lynis tests reuse the same temporary file. As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack. While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resource, like a file. In this case data may be overwritten, or possibly executed.
Upgrade to Lynis 2.5.0 or later.
Linux users may use sysctl and set both fs.protected_hardlinks=1 and fs.protected_symlinks=1, which may reduce the impact for this type of attack.
- Lynis (Latest version)