Nessus contains a vulnerability allowing a user to perform a privilege escalation attack.
|Package||net-analyzer/nessus on all architectures|
|Affected versions||<= 2.0.11|
|Unaffected versions||>= 2.0.12|
Nessus is a free and powerful network security scanner.
A race condition can occur in "nessus-adduser" if the user has not configured their TMPDIR variable.
A malicious user could exploit this bug to escalate privileges to the rights of the user running "nessus-adduser".
There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Nessus.
All Nessus users should upgrade to the latest version:
# emerge sync # emerge -pv ">=net-analyzer/nessus-2.0.12" # emerge ">=net-analyzer/nessus-2.0.12"
August 12, 2004
May 22, 2006: 02