Bug 812479 (CVE-2021-20117, CVE-2021-20118)

Summary:	<net-analyzer/nessus-agent-bin-8.3.1: multiple vulnerabilities (CVE-2021-{20117,20118})
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	trivial	CC:	marecki, zerochaos
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://www.tenable.com/security/tns-2021-15
Whiteboard:	~1 [trivial]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2021-09-10 19:19:52 UTC

CVE-2021-20117:

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20118.

CVE-2021-20118:

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent host. This is different than CVE-2021-20117.

Fixes in 8.3.1, please bump.

Comment 1 Larry the Git Cow gentoo-dev

2021-09-10 20:51:38 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f8ba57673317d30d66248273d1e69adf336c2c92

commit f8ba57673317d30d66248273d1e69adf336c2c92
Author:     Marek Szuba <marecki@gentoo.org>
AuthorDate: 2021-09-10 20:51:07 +0000
Commit:     Marek Szuba <marecki@gentoo.org>
CommitDate: 2021-09-10 20:51:11 +0000

    net-analyzer/nessus-agent-bin: add 8.3.1, drop 8.3.0
    
    Bug: https://bugs.gentoo.org/812479
    Signed-off-by: Marek Szuba <marecki@gentoo.org>

 net-analyzer/nessus-agent-bin/Manifest                                  | 2 +-
 .../{nessus-agent-bin-8.3.0.ebuild => nessus-agent-bin-8.3.1.ebuild}    | 0
 2 files changed, 1 insertion(+), 1 deletion(-)

Comment 2 John Helmert III archtester

2021-09-10 21:31:12 UTC

All done, thanks!