|Type||Arbitrary file overwrite|
Michael Scherer discovered that some Lynis tests reuse the same temporary file. As some tests remove the temporary file, this might give an attacker the possibility to perform a link following attack. While timing must be perfect, there is a very small time window in which the attack can recreate the temporary file and symlink it to another resource, like a file. In this case data may be overwritten, or possibly executed.
|22 May 2017||ASA-201705-20||AVG-278||lynis||High||arbitrary file overwrite|