GLSA-200408-11 : Nessus: 'adduser' race condition vulnerability
Low Nessus Plugin ID 14567
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-200408-11 (Nessus: 'adduser' race condition vulnerability)
A race condition can occur in 'nessus-adduser' if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running 'nessus-adduser'.
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
SolutionAll Nessus users should upgrade to the latest version:
# emerge sync # emerge -pv '>=net-analyzer/nessus-2.0.12' # emerge '>=net-analyzer/nessus-2.0.12'