This script is Copyright (C) 2008-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200804-11
(policyd-weight: Insecure temporary file creation)
Chris Howells reported that policyd-weight creates and uses the
'/tmp/.policyd-weight/' directory in an insecure manner.
A local attacker could exploit this vulnerability to delete arbitrary
files or change the ownership to the 'polw' user via symlink attacks.
Set '$LOCKPATH = '/var/run/policyd-weight/'' manually in
See also :
All policyd-weight users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=mail-filter/policyd-weight-0.1.14.17'
This version changes the default path for sockets to
'/var/run/policyd-weight', which is only writable by a privileged user.
Users need to restart policyd-weight immediately after the upgrade due
to this change.
Risk factor :
Low / CVSS Base Score : 3.3
Family: Gentoo Local Security Checks
Nessus Plugin ID: 31958 (gentoo_GLSA-200804-11.nasl)
CVE ID: CVE-2008-1569
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.