GLSA-202007-40 : Thin: Privilege escalation

medium Nessus Plugin ID 138963

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-202007-40 (Thin: Privilege escalation)

It was discovered that Gentoo’s Thin ebuild does not properly handle its temporary runtime directories. This only affects OpenRC systems, as the flaw was exploitable via the init script.

Impact:

A local attacker could cause denial of service by killing arbitrary processes.

Workaround:

There is no known workaround at this time.

Solution

Gentoo has discontinued support for Thin. We recommend that users unmerge Thin:

# emerge --unmerge 'www-servers/thin'

NOTE: The Gentoo developer(s) maintaining Thin have discontinued support at this time. It may be possible that a new Gentoo developer will update Thin at a later date. There are many other web servers available in the tree in the www-servers category.

See Also

https://security.gentoo.org/glsa/202007-40

Plugin Details

Severity: Medium

ID: 138963

File Name: gentoo_GLSA-202007-40.nasl

Version: 1.1

Type: local

Published: 7/27/2020

Updated: 7/27/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:thin, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 7/27/2020

Vulnerability Publication Date: 7/27/2020

Reference Information

GLSA: 202007-40