Lynis Security Notice: 1.5.4 and older

This week a vulnerability was reported in versions up to Lynis 1.5.4. With Lynis
being a security audit tool focused on hardening Linux and Unix based systems, we regret any (security) bug being discovered. Since it is open source software, we like to be open about the issue, to help you understand it and take the right precautions.

Description:

The temporary files created in the tests_webservers section are too predictable.
This may result in a race condition, where a local user creates the
temporary file first and symlinks it to an existing system file. Lynis then uses this
file to store temporary data. As a result, data is overwritten in the (linked) file.
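The pattern behind this class of bug, and the fix, can be shown in a few lines of shell. The following is an added example and not code from Lynis: it contrasts a fixed, guessable scratch file name with a file created by mktemp (random suffix, mode 0600, created exclusively so a pre-placed file or symlink makes the call fail instead of being reused), plus a check that refuses to write through a symlink. The "lynis-webservers" prefix and the helper names are chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from Lynis: temporary-file handling that closes the
# race the advisory describes. File names and the "webservers" tag are
# illustrative assumptions.

# Weak pattern, shown only to contrast: a fixed, guessable name in a shared
# directory. Any local user can create that path (or a symlink at it) before
# the audit runs, and a later '>' redirect follows the link.
weak_tempfile_name() {
    printf '%s\n' "${TMPDIR:-/tmp}/lynis-webservers.tmp"
}

# Refuse to use a scratch path unless it is a regular file and not a symlink.
# Returns 0 if the path is acceptable, 1 otherwise.
is_safe_scratch_path() {
    p="$1"
    [ ! -L "$p" ] && [ -f "$p" ]
}

# Hardened pattern: let mktemp create the file with a random suffix and
# mode 0600. mktemp opens the name exclusively, so an attacker-placed file or
# symlink at that name makes mktemp fail rather than being silently reused.
safe_tempfile() {
    f=$(mktemp "${TMPDIR:-/tmp}/lynis-webservers.XXXXXXXXXX") || return 1
    if ! is_safe_scratch_path "$f"; then
        rm -f -- "$f"
        return 1
    fi
    printf '%s\n' "$f"
}

# Store scratch data only through the hardened path; prints the file name.
write_scratch() {
    f=$(safe_tempfile) || return 1
    printf '%s\n' "$1" > "$f" || { rm -f -- "$f"; return 1; }
    printf '%s\n' "$f"
}
```

The important difference is who creates the file: with the weak pattern the name is known in advance and whoever gets there first owns it; with mktemp the auditing process creates an unpredictable name itself, and the symlink check catches the case where a wrapper or a misconfigured TMPDIR hands back something other than a fresh regular file.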

Advice:

You are advised to upgrade Lynis to at least version 1.5.5, which has adjustments
to counter the vulnerability.

Workarounds:

Remove the temporary file creation in tests_webservers and disable the related tests using the temporary files.

Risks:

The chance of exploitation is considered low. The following conditions all have to apply:

  1. Lynis has to be executed at that moment (usually once a day, or less).
  2. Local access to the system is needed, to create the temporary file and guess the right name.
  3. The symbolic link has to be created with perfect timing, as the window of opportunity is very small.

Related information:

Unfortunately this bug was not reported according to common rules of responsible disclosure.
This resulted in two different CVE entries being created:

CVE-2014-3982: AIX
CVE-2014-3986: Linux and others (except AIX)

We are sorry for any inconvenience and will use this blog post as the main article to provide any further updates.
