Bug 621266 (CVE-2017-8108) - <app-forensics/lynis-2.5.2: Possible symlink attack on temporary file (CVE-2017-8108)
Summary: <app-forensics/lynis-2.5.2: Possible symlink attack on temporary file (CVE-20...
Status: RESOLVED FIXED
Alias: CVE-2017-8108
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://cisofy.com/security/cve/cve-2...
Whiteboard: ~3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-09 04:53 UTC by ncl
Modified: 2017-11-11 20:36 UTC

See Also:
Package list:
=app-forensics/lynis-2.5.2
Runtime testing required: ---
ncl: Assigned_To+
stable-bot: sanity-check+


Description ncl 2017-06-09 04:53:19 UTC
Michael Scherer discovered that some Lynis tests reuse the same temporary file. As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack. While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resource, like a file. In this case data may be overwritten, or possibly executed.

Linux users may use sysctl and set both fs.protected_hardlinks=1 and fs.protected_symlinks=1, which may reduce the impact for this type of attack.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2017-06-09 08:48:42 UTC
CVE-2017-8108 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8108):
  Unspecified tests in Lynis before 2.5.0 allow local users to write to
  arbitrary files or possibly gain privileges via a symlink attack on a
  temporary file.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-06-09 08:51:33 UTC
Doesn't affect Gentoo kernels with security coverage due to protected_{symlinks,hardlinks} hardening.


@ Maintainer(s): Please bump to >=app-forensics/lynis-2.5.0
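
Added example, not part of the bug report and not Lynis code or its actual fix: a shell sketch of the two defenses this report touches on, checking the fs.protected_symlinks and fs.protected_hardlinks sysctls named in the description and in Comment 2, and creating scratch files so that a link planted after a removal is refused rather than followed. The function names and the optional proc-root parameter are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not Lynis code. Function names are hypothetical.

# Print the two link-protection sysctls and return 0 only if both are 1.
# $1 is an assumed optional proc root so the check can be pointed at a
# constructed directory; it defaults to the live /proc.
link_protection_ok() {
    root=${1:-/proc}
    rc=0
    for knob in protected_symlinks protected_hardlinks; do
        val=$(cat "$root/sys/fs/$knob" 2>/dev/null) || val=missing
        echo "fs.$knob=$val"
        [ "$val" = 1 ] || rc=1
    done
    return "$rc"
}

# One private directory per run (mktemp -d creates it with mode 0700), so
# other local users cannot add or replace entries next to the scratch files.
new_scratch_dir() {
    mktemp -d "${TMPDIR:-/tmp}/scan.XXXXXXXXXX"
}

# Create a scratch file by name without following whatever may sit there.
# With noclobber (set -C) the redirection refuses an existing regular file,
# also when reached through a symlink, and bash and dash create a missing
# file with O_EXCL, which rejects a dangling symlink.
# A non-zero status means "refused".
create_exclusive() {
    ( umask 077; set -C; : > "$1" ) 2>/dev/null
}

# Stand-alone run: report the kernel settings of this host.
link_protection_ok || echo "link protection is not fully enabled" >&2
```

A test that removes its scratch file and later needs one again should call create_exclusive (or mktemp) for the new file and treat a refusal as an error instead of retrying with a plain redirection.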
Comment 3 charles17 2017-08-03 11:25:00 UTC
Should be superseded by version 2.5.2, see https://github.com/gentoo/gentoo/pull/5281
Comment 4 Patrice Clement gentoo-dev 2017-08-04 06:23:33 UTC
commit cada6eaa63e82a908cb06a863b5e4252973f1ff8 (HEAD)
Author:     charIes17 <charles17@arcor.de>
AuthorDate: Thu Aug 3 09:14:43 2017 +0200
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: Fri Aug 4 08:22:13 2017 +0200

app-forensics/lynis: version bump to 2.5.2.

Gentoo-Bug: https://bugs.gentoo.org/621266
Gentoo-Bug: https://bugs.gentoo.org/591262

Package-Manager: Portage-2.3.6, Repoman-2.3.1
Closes: https://github.com/gentoo/gentoo/pull/5281

app-forensics/lynis/Manifest           |  1 +
app-forensics/lynis/lynis-2.5.2.ebuild | 55 ++++++++++++++++++++++++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 app-forensics/lynis/lynis-2.5.2.ebuild
Comment 5 Patrice Clement gentoo-dev 2017-08-04 06:24:08 UTC
commit 6f1f6bea7cf05c5ede27af1a26f3c2f32e8c461e (HEAD -> master, origin/master, origin/HEAD)
Author:     charIes17 <charles17@arcor.de>
AuthorDate: Thu Aug 3 09:18:00 2017 +0200
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: Fri Aug 4 08:22:21 2017 +0200

app-forensics/lynis: remove vulnerable versions.

Gentoo-Bug: https://bugs.gentoo.org/621266

Package-Manager: Portage-2.3.6, Repoman-2.3.1
Closes: https://github.com/gentoo/gentoo/pull/5281

app-forensics/lynis/Manifest           |  3 --
app-forensics/lynis/lynis-1.6.4.ebuild | 54 ----------------------------------
app-forensics/lynis/lynis-2.1.0.ebuild | 54 ----------------------------------
app-forensics/lynis/lynis-2.1.1.ebuild | 54 ----------------------------------
4 files changed, 165 deletions(-)
delete mode 100644 app-forensics/lynis/lynis-1.6.4.ebuild
delete mode 100644 app-forensics/lynis/lynis-2.1.0.ebuild
delete mode 100644 app-forensics/lynis/lynis-2.1.1.ebuild
Comment 6 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-08-06 18:10:07 UTC
@Maintainers: please call for stabilization when you are ready.

Coordinated with b-man.

Since we have removed a stable ebuild from tree, we need to ensure that the new keeps visibility or prepare a GLSA about the stable removal.

Thanks,

Security Team Padawan
ChrisADR
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-26 22:09:26 UTC
the package has never been stabilised, so closed with noglsa as vuln versions have been removed.
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2017-08-26 22:29:39 UTC
re-open to figure out about dropped stable version.

@monsieurp, ?
Comment 9 Aaron Bauman (RETIRED) gentoo-dev 2017-11-11 20:36:11 UTC
guess he doesn't care.